This week we are posting an excerpt from our recently published EDRM Buyer’s Guide; a phase-by phase walk-through and checklist created by a former Litigation Project Manager using guidelines developed during implementation of a top oil and gas company’s e-discovery program. The Guide is designed to help laypeople evaluate software and workflow solutions at each phase of the e-discovery process in a neutral way and contains advisory sections on everything from information security to considerations when TIFFing documents. We will be posting excerpts from both the long form and checklist portions of the guide every few weeks – moving from left to right along the EDRM. This week we focus on System Management and Security, arguably an area to the left of the [EDRM.NET] process, but no less important because of its impact on the e-Discovery cycle.
System Management and Security
Before even entering the realm of EDRM preparedness, a firm should consider its system management and security needs as these areas will necessarily impact the organization’s e-Discovery processes. At a minimum any software the firm purchases should accommodate flexible user access, including the ability to support the existing roles and responsibilities of the organization. User roles and access rights should be customizable and not force the organization to adopt a specific workflow or team makeup. If the firm uses Active Directory, that should also be integrated by the chosen software to allow for centralized ID management and authentication.
The chosen solution must also provide a rich set of system audit and logging reports to determine user activity at a specific date and time. The logging functionality should include the option to severely restrict access and serve as valid input for establishing chain of custody as well as supporting user management activities by showing who has what access. All such reports should be creatable and accessible from a System Dashboard that supports management of the entire application, including the ability to quickly and effectively assess the application’s health, including disk space, RAM utilization and network connectivity.
The system’s communication and security protocol must also be robust and in keeping with the firm’s needs and current configuration. The security feature’s overarching function should be to prevent unauthorized use of the system or system components. To achieve this goal, a good software solution will support intra-component authentication through use of 802.1x certificates or other authentication factors compatible with the organization’s standards. Use of the organization’s certificate hierarchy should also be an available option. The strongest communication and security protocols will also have third party validation to limit the end user’s need to validate at their own expense.
The system’s workflow should progress logically while supporting full delegation of duties without forcing an organization to adopt inefficient processes. Workflow steps should be clearly broken out and allow for tasks to input into the systems without an undue burden on multiple parties. Further customization to fields within the user interface should support organization requirements and changes. Any competitive solution should contain an automated notification framework as part of this work flow. Well designed automated notification based on user roles makes notification of pending tasks (approvals and other workflow activity) robust and auditable. An ideal framework will make available customized notifications through email and thus support a more effective use of time by those involved in day to day operations.
If you would like to read more from the EDRM Buyers Guide, you can download a free copy of the full document.