Migrated from eDJGroupInc.com. Author: Greg Buckles. Published: 2015-03-02 19:00:00Format, images and links may no longer function correctly.
I enjoy your feedback, especially when my readers can point out something I may have missed. My thanks to both Shelley Podolny from H5 and Brandon Leatha from IDS for drawing my attention to the international standards giving an overview of the eDiscovery process that have been under development for some time. As you can see from the ISO.org page, the standards are still in the working draft stage. The full title is ISO/IEC CD 27050-1 and it has been put under the Security techniques (27050) classification. I remember the fanfare and discussion around this project back in 2013, but it had slipped from my radar without any subsequent public releases or project insight. At least this initiative is part of the established, formal international standards system. Even if this Part 1 standard does nothing more that codify definitions and re-affirm existing concepts, it will be a step in the right direction. Here is some draft introductory language that was so kindly provided to me:
This International Standard provides an overview of electronic discovery and describes related terminology, concepts, and processes, which are intended to be leveraged by the other ISO/IEC 27050 parts. It is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities. It is important to note that this guidance is not intended to contradict or supersede local jurisdictional laws and regulations.
Electronic discovery often serves as a driver for investigations (covered in ISO/IEC 27041, ISO/IEC 27042, and ISO/IEC 27043) as well as evidence acquisition and handling activities (covered in ISO/IEC 27037). In addition, the sensitivity and criticality of the data sometime necessitate protections like storage security to guard against data breaches (covered in ISO/IEC 27040).
It should be noted that this International Standard is not a reference or normative document for regulatory and legislative security requirements. Although it emphasizes the importance of these influences, it cannot state them specifically, since they are dependent on the country, the type of business, etc.
So keep the feedback coming and I will keep sharing when it adds value to the conversation.
Greg Buckles wants your feedback, questions or project inquiries at Greg@eDJGroupInc.com. His active research topics include analytics, mobile device discovery, the discovery impact of the cloud, Microsoft’s 2013 eDiscovery Center and multi-matter discovery. Recent consulting engagements include managing preservation during enterprise migrations, legacy tape eliminations, retention enablement and many more.
Blog perspectives are personal opinions and should not be interpreted as a professional judgment. eDJ consultants are not journalists and perspectives are based on public information. Blog content is neither approved nor reviewed by any providers prior to being posted. Do you want to share your own perspective? eDJ Group is looking for practical, professional informative perspectives free of marketing fluff, hidden agendas or personal/product bias. Outside blogs will clearly indicate the author, company and any relevant affiliations.