Blog Layout

Keeping Your Data Secure

Is your ediscovery vendor keeping your data secure?

Today’s eDiscovery service marketplace offers a multitude of eDiscovery service options; some of which offer the option of consolidating with a self-service, cloud-based platform. This method has proven to be the preferred mode of operation for savvy firms and corporations as it eliminates the costly infrastructure and maintenance demands of an on-premise system. The self-service, cloud-based platform further facilitates the ability to document an unbroken chain of custody and leverages the expertise of the service provider’s project management team while offering encryption on active and passive data. Compared to other service types, this method offers the most versatility and control.

Self-service, cloud based platforms with the proper control mechanisms offer highly secure data as well as reduced overhead and more cost-effective solutions.

However, in light of how all-encompassing attorney-client relationships must be in order to be effective, utilizing an irresponsibly managed cloud-based system can create vulnerabilities in data security. Simply put, a law firm security lapse can be catastrophic.

Further, most legal and corporate enterprises fail to continuously audit the security competency of their eDiscovery service providers. The fact remains that it is just not easy to evaluate and manage service providers to a defined set of security standards and practices beyond the initial vetting stage. So, the solution must be to contract with service providers that are certified by third party audit & review agencies.

The ability to establish and maintain data integrity should be viewed as a key, primary differentiator when selecting vendors and partners.

From SOC, ISO, SSAE to PCI and many more, there are a wide range of standards and certifications in the industry. Selecting vendors that share a commitment to security is critical. While many eDiscovery service providers tout their security procedures, only a select few have subjected themselves to the strict oversight, costly approval process and ongoing auditing required for certification under recognized standards. If a vendor lacks independently validated security certifications, it can be difficult to discern the level of security it is capable of providing. Selecting vendors that meet standards like SOC2 and have demonstrated success handling matters means that you can be confident data security is a priority.

By requiring data security certification standards and expectations during e-discovery, you not only fulfill your professional obligations, but you also take proactive steps to manage critical company information and direct litigation approaches and strategy.

A comprehensive information security plan should be made explicit at the outset of every eDiscovery project in order to instill the expectation that security is a critical, collaborative task.

Additionally, with constant cost pressures you may be tempted to switch vendors and hire the cheapest one for each different matter. However, by developing long-term relationships you can save time and worry. No matter what approach you take, you have the initial and primary responsibility during e-discovery and litigation to ensure that data remains safe. Each matter requires a fresh review of security policies and procedures, a reexamination of the reliability of your partners and a reaffirmation to your own employees that security is a top priority.

Keep in mind that maintaining security is a constant task - one that is rarely rewarded when it is maintained, yet harshly judged and punished when it is not. At IST Discover-E, we recognize that by selecting partners that place a similar premium on data integrity, our clients can help ensure that a breach will not happen on their watch. IST Discover-E take this responsibility very seriously and is a SOC2 Type 2 organization dedicated to adhering to stringent administrative, physical and technical safeguard standards all working in synchrony to give our clients peace of mind as their data leaves their offices. This includes:

Physical Security
Logical Security
Compliance
Disaster Recovery/Business Continuity
Systems Architecture

At IST Discover-E, we are vigilant in protecting our clients’ most precious assets by continuously improving our physical and operational security processes. By working with IST Discover-E, your trusted eDiscovery service provider, you can feel more confident that those who handle the data during litigation have hired the right people and follow pre-established procedures.

Your eDiscovery Service Partner MUST MUST MUST Offer The Following:

1. Physical Security - Physical security procedures must be enacted so only authorized individuals have access to physical locations such as the data center facilities, data center rooms, computer operational centers, electrical/mechanical rooms, and other critical areas. Onsite security professionals and site access and monitoring systems must be present providing an uncompromised level of security 24x7x365.

2. Logical Security - Since most security attacks occur from the inside, access to your network must be impenetrable to outsiders. Strict security policies must be enforced to offer cutting edge technology and premium support that ensures your network is reinforced against attacks including:

Access Control
Antivirus and Malware Protection
Patch Management
VMware ESX Infrastructure Control
Network Intrusion Detection System
Firewall
DDoS Attack Protection and Mitigation
Backups
Data Segregation
Encryption

3. Compliance - From rigorous compliance audit and Information security teams to operational teams dedicated to ensuring each client’s Relativity environments are in alignment with policy standards, you need peace of mind when they trust their critical data to our data centers. The compliance program must:

Maintain a common, optimized, control framework that adheres to multiple regulatory compliance initiatives.
Creates an effective governance structure to allow for assimilation of regulatory changes
Hires the best independent accounting and consulting firms to audit and assess our company on a continuous basis
Be able to produce Service Organization Control Report (SOC 2, Type II, Report) to provide management of a service organization, user entities, and other specified parties with information relevant to applicable Trust Service Principles (Security, Availability, Confidentiality)

4. Disaster Recovery/Business Continuity – Your eDiscovery service partner must have the following components at all data centers to minimize service interruption due to hardware failure, natural disaster or other catastrophe:

Personnel Vetting
End-to-end monitoring of infrastructure with real time alerts
Well Documented Disaster Recovery Procedures
Redundancy
Crisis & Emergency Response Procedures
Managerial Monitoring of Controls
Incident Response Procedures
Risk Assessment, Organizational Risk, And Business Impact Analysis
Threat And Vulnerability Management Practices

5. Efficient Systems Architecture – Taking the form of a Single Tool Workflow solution to keep all work in the Relativity application eliminating fumbled data during transfer from one application to another, extra fees for licensing multiple applications or the need for additional specialists or security controls. The benefits include:

Centralized environment that limits data duplication
Zero risk of unsecured, lost or damaged data – data is not copied from server to server.
No additional fees for transferring data between multiple systems.
The same Project Manager handles your data from start to finish.
100% visibility of project progress.
The ability to self-administer
Changing search/processing parameters is enacted immediately with accountability built-in.