Today’s eDiscovery service marketplace offers a multitude of eDiscovery service options; some of which offer the option of consolidating with a self-service, cloud-based platform. This method has proven to be the preferred mode of operation for savvy firms and corporations as it eliminates the costly infrastructure and maintenance demands of an on-premise system. The self-service, cloud-based platform further facilitates the ability to document an unbroken chain of custody and leverages the expertise of the service provider’s project management team while offering encryption on active and passive data. Compared to other service types, this method offers the most versatility and control.
However, in light of how all-encompassing attorney-client relationships must be in order to be effective, utilizing an irresponsibly managed cloud-based system can create vulnerabilities in data security. Simply put, a law firm security lapse can be catastrophic.
Further, most legal and corporate enterprises fail to continuously audit the security competency of their eDiscovery service providers. The fact remains that it is just not easy to evaluate and manage service providers to a defined set of security standards and practices beyond the initial vetting stage. So, the solution must be to contract with service providers that are certified by third party audit & review agencies.
From SOC, ISO, SSAE to PCI and many more, there are a wide range of standards and certifications in the industry. Selecting vendors that share a commitment to security is critical. While many eDiscovery service providers tout their security procedures, only a select few have subjected themselves to the strict oversight, costly approval process and ongoing auditing required for certification under recognized standards. If a vendor lacks independently validated security certifications, it can be difficult to discern the level of security it is capable of providing. Selecting vendors that meet standards like SOC2 and have demonstrated success handling matters means that you can be confident data security is a priority.
By requiring data security certification standards and expectations during e-discovery, you not only fulfill your professional obligations, but you also take proactive steps to manage critical company information and direct litigation approaches and strategy.
Additionally, with constant cost pressures you may be tempted to switch vendors and hire the cheapest one for each different matter. However, by developing long-term relationships you can save time and worry. No matter what approach you take, you have the initial and primary responsibility during e-discovery and litigation to ensure that data remains safe. Each matter requires a fresh review of security policies and procedures, a reexamination of the reliability of your partners and a reaffirmation to your own employees that security is a top priority.
Keep in mind that maintaining security is a constant task - one that is rarely rewarded when it is maintained, yet harshly judged and punished when it is not. At IST Discover-E, we recognize that by selecting partners that place a similar premium on data integrity, our clients can help ensure that a breach will not happen on their watch. IST Discover-E take this responsibility very seriously and is a SOC2 Type 2 organization dedicated to adhering to stringent administrative, physical and technical safeguard standards all working in synchrony to give our clients peace of mind as their data leaves their offices. This includes:
At IST Discover-E, we are vigilant in protecting our clients’ most precious assets by continuously improving our physical and operational security processes. By working with IST Discover-E, your trusted eDiscovery service provider, you can feel more confident that those who handle the data during litigation have hired the right people and follow pre-established procedures.
1. Physical Security - Physical security procedures must be enacted so only authorized individuals have access to physical locations such as the data center facilities, data center rooms, computer operational centers, electrical/mechanical rooms, and other critical areas. Onsite security professionals and site access and monitoring systems must be present providing an uncompromised level of security 24x7x365.
2. Logical Security - Since most security attacks occur from the inside, access to your network must be impenetrable to outsiders. Strict security policies must be enforced to offer cutting edge technology and premium support that ensures your network is reinforced against attacks including:
3. Compliance - From rigorous compliance audit and Information security teams to operational teams dedicated to ensuring each client’s Relativity environments are in alignment with policy standards, you need peace of mind when they trust their critical data to our data centers. The compliance program must:
4. Disaster Recovery/Business Continuity – Your eDiscovery service partner must have the following components at all data centers to minimize service interruption due to hardware failure, natural disaster or other catastrophe:
5. Efficient Systems Architecture – Taking the form of a Single Tool Workflow solution to keep all work in the Relativity application eliminating fumbled data during transfer from one application to another, extra fees for licensing multiple applications or the need for additional specialists or security controls. The benefits include:
IST Management Services, Inc.
1341 Moreland Ave SE, Atlanta, GA 30316