ISO IEC 27050-4 pdf – Information technology — Electronic discovery — Part 4: Technical readiness
— create a list or inventory of systems, or possibly a data map to provide a centralized listing of what types of ESI the organization has and where it is stored; — understand the implications associated with issuing legal holds or preservation orders.
7.1.2 ESI landscape ISO/IEC 27050-1:2019, Clause 7, provides useful information on the common types of ESI, common sources of ESI, ESI representations and non-ESI as part of the electronic discovery process. This information, when combined with the matter specific requirements, can serve as a useful starting point in identifying potential sources of relevant ESI. These sources can include business units, people, ICT systems and hardcopy. Identification should be as thorough and comprehensive as possible. The scope of ESI potentially subject to preservation and disclosure can be uncertain in the early phases of a matter. The nature of the matter itself and the individuals involved can change as the matter progresses. The identification team should anticipate change and have a procedure in place for capturing any newly identified ESI. Identification requires diligent investigation and analytical thinking.
7.1.3 Data map A data map is a comprehensive and defensible inventory of an organization’s ICT systems that store ESI. It is important to create a data map to provide a centralized listing of which types of ESI exist within the organization (see ISO/IEC 27050-3:2020, 6.2.5). This should also include details of specific locations of data sets and can include the route data takes when in transit alongside, for example, who has control over a mailbox and where the servers sit including any hardcopy material requirements. This data map should be designed and managed with the assistance of ICT personnel and should identify all relevant policies (e.g. retention policy, preservation policy, BCM policy) applicable to each item of ESI. Ideally, the data map can also include the locations of hardcopy material. Resource should be assigned to the task and on-going responsibility of creating and managing the data map. After the triggering event, the electronic discovery team can use the data map to identify where the relevant material is stored (ESI map).
The ESI map can provide sufficient detail around what data repositories are potentially discoverable and how the data within them can be produced to help inform decisions around the electronic discovery system selection process. Where hardcopy material forms are identified, there should be a decision and process in place to manage the scanning and coding. This should include coding specifications that can be specific to the organizational and project requirements. See Annex A for assistance with creation of the data map. The level of security necessary for the ESI, all associated metadata and work product is dependent on business needs and compliance obligations as applicable to the purposes of the electronic discovery process. The security should be commensurate with the controls determined in accordance with 8.2 .
7.1.4 Data classification All ESI should be subject to data classification. This can be according to government standards, market sensitivity, internal governance, privilege, control of data under data protection or privacy legislation, or for the purposes of any matter requiring discovery. This classification can affect the decisions around the management, traffic and encryption that should be created via the architecture and system design.