ISO IEC 27050-4-2021 pdf Information technology — Electronic discovery — Part 4: Technical readiness

7.1.2 ESI landscape ISO/IEC 27050-1:2019, Clause 7, provides useful information on the common types of ESI, common sources of ESI, ESI representations and non-ESI as part of the electronic discovery process. This information, when combined with the matter specific requirements, can serve as a useful starting point in identifying potential sources of relevant ESI. These sources can include business units, people, ICT systems and hardcopy. Identification should be as thorough and comprehensive as possible. The scope of ESI potentially subject to preservation and disclosure can be uncertain in the early phases of a matter. The nature of the matter itself and the individuals involved can change as the matter progresses. The identification team should anticipate change and have a procedure in place for capturing any newly identified ESI. Identification requires diligent investigation and analytical thinking. 7.1.3 Data map A data map is a comprehensive and defensible inventory of an organization’s ICT systems that store ESI. It is important to create a data map to provide a centralized listing of which types of ESI exist within the organization (see ISO/IEC 27050-3:2020, 6.2.5). This should also include details of specific locations of data sets and can include the route data takes when in transit alongside, for example, who has control over a mailbox and where the servers sit including any hardcopy material requirements.
7.1.4 Data classification All ESI should be subject to data classification. This can be according to government standards, market sensitivity, internal governance, privilege, control of data under data protection or privacy legislation, or for the purposes of any matter requiring discovery. This classification can affect the decisions around the management, traffic and encryption that should be created via the architecture and system design.
7.2.2 Assessing preservation needs It is important to establish preservation procedures covering employees, ICT, legal and former and departing employees. Based on the procedures, the team can assess the needs for preservation with regard to where the relevant ESI is stored and technical implications of collection. The scope of preservation should be determined. The number of subjects affected, who are required to act, who can control ESI, and the time period for preservation are among the first decisions. The team should consider the potential for third-party preservation requirements. A preservation notice should be issued to all relevant parties, including steps to be taken to ensure appropriate preservation. The team should put in place a process for continued preservation throughout the relevant time period, i.e. the life of the case or project.