ISO/IEC 27050 specifies standards and guidelines for electronic discovery activities, such as identifying, preserving, collecting, processing, reviewing, analysing, and producing electronically processed information (ESI).
It is important to remember that the standards and guidelines are not meant to negate or invalidate applicable local jurisdictional laws and regulations, and the user is required to practise due diligence to ensure consistency with applicable jurisdictional requirements.
Although individual investigators, organisations, and jurisdictions may well use these techniques, processes, and controls in accordance with local laws, regulations, and accepted practices, standardisation is hoped to eventually lead to the implementation of similar if not identical solutions globally. This will make it easier to compare, combine, and contrast the results of those investigations.
Electronic discovery (sometimes called e-discovery or ediscovery) is the process of identifying, gathering and producing electronically stored information (ESI) in response to a request for production in a lawsuit or investigation. Documents, emails, databases, presentations, voicemail, audio and video recordings, social media, and web pages are all examples of ESI.
Due to the sheer amount of electronic data generated and processed, the processes and technology associated with e-discovery are often complicated. Furthermore, electronic documents, unlike hardcopy documents, are more dynamic and often include metadata such as time and date stamps, author and receiver information, and file properties.
Preserving the original material and metadata for electronically stored documents is necessary to avoid subsequent accusations of material falsification or manipulation. Hacking for the purpose of collecting vital evidence on a court-ordered or government-sanctioned basis is often a form of e-discovery.
Electronically Stored Information (ESI) is a term you hear often during litigation involving the collection of emails. ESI is defined as any data, records or information that is created, modified, stored electronically or magnetically, and saved on electronic media such as hard drives/devices.
Legal holds are placed on the identified relevant ESI, initiating the formalised forensic process intended to guarantee, beyond doubt, that these items are safe through the remaining stages against the following threats: loss/theft, accidental damage, intentional manipulation, replacement/substitution.
The court still has the power to fine the defendant even if it ruled that the failure to preserve as a result of negligence if the inability to preserve the data significantly compromises the defence.
The ESI is usually collected from the original custodian by physically retrieving the original portable storage media, such as memory devices, hard drives, CDs, DVDs, etc. and perhaps related physical evidence that may include fingerprints or DNA evidence tying a suspect to a crime.
In the case of the Internet, cloud, or other distributed and ephemeral data, such as RAM on an operating system, it may be impractical or difficult to protect the data through physical media capture, and therefore the data must be collected directly in a manner that is forensically appropriate.
Certain businesses that deal with a high volume of lawsuits have software in place to automatically place legal holds on specific custodians in response to a trigger case (such as a legal notice) and initiate the collection process immediately. Some businesses may need the assistance of a digital forensics specialist to avoid data spoliation.
Native files are prepared for loading into a document review portal during the processing phase. This process often includes the extraction of text and metadata from the original files. Various data culling procedures, such as deduplication and de-NISTing, are used during this process. At this point, native files are often converted to formats like PDF or TIFF to facilitate redaction and bates-labelling.
The electronically stored information is searched or analysed for case-relevant information. Various activities associated with this process can be facilitated by various document review platforms, including the quick identification of potentially relevant documents and the culling of documents based on various criteria (such as keyword, date range, etc.).
Additionally, the majority of review tools make it simple for large numbers of document review attorneys to collaborate on cases, utilising collaborative tools and batch processing to expedite the review process and minimise duplication of effort.
The court receives the relevant material from the analysis, as well as the original storage medium and other documentation. This invariably entails presenting and describing the significance of the facts in ways that the court understands. A load file is often included with this production and is used to load documents onto a document review portal. Documents may be presented as native files or PDF and TIFF with metadata.
ISO 27037 focuses on the actual collection and storage of potential digital evidence and has nothing else to do with further processing of the evidence, such as its review, presentation, and disposal.
Individuals who handle digital data should be able to recognise and mitigate threats associated with dealing with this kind of evidence in order to protect it from being degraded and rendered worthless. ISO 27037 establishes the standards that this person can follow in order to safeguard the integrity and authenticity of digital evidence.
The ISO 27042 standard, which is part of the ISO/IEC 27000 family of standards and was published in 2015, establishes a framework for electronic evidence and its subsequent interpretation. It determines how a specialist would approach the study and eventual understanding of a particular form of digital proof in a given situation. ISO 27042 clearly defines a set of best practices for the collection, design, and implementation of digital evidence.
To make digital evidence from a digital forensic investigation admissible, a formalised and, preferably, a standardised procedure must be followed. This is the objective of ISO 27043. The digital forensic investigation process is governed by ISO 27043. It establishes a series of procedures for investigators to follow in order to preserve the integrity of digital data obtained by e-discovery.
BS 10008 is a British Standard that defines best practices for the implementation of electronic information management systems, including information storage and transfer. It is intended to assist you in verifying and authenticating all of your records in order to prevent the ethical pitfalls associated with data collection. BS 10008 specifies best practices for electronically exchanging data between applications and migrating paper documents to digital files. Additionally, it establishes rules for handling the availability and accessibility of any documents that could be requested as testimony in court.
The ISO 27050-2 standard provides guidelines associated with the electronic discovery processes framework described in ISO 27050-1. It was published in 2018. ISO 27050-2 establishes a framework for electronic discovery for technical and non-technical senior management staff in an organisation. This covers those accountable for adhering to statutory and regulatory provisions, as well as industry practices.
It provides a best practice framework for forensic work, which describes the structure and controls that should govern all parts of forensic work within a controlled, repeatable and trusted environment.
Additionally, it addresses how to establish those policies in a way that they can be used to inform process control. Additionally, it offers guidelines on how to execute and manage electronic discovery in line with the policies.
The ISO 27050-3 standard provides guidelines associated with the electronic discovery processes framework described in ISO 27050-1. It was published in 2020 and outlines a comprehensive approach to electronic discovery, and offers useful insight into some of the technical advantages and threats that litigation counsel should be mindful of.
ISO 27050-3 provides a set of guidelines that an organisation can use to evaluate its operations, and ensure its competencies are correct, as regards e-discovery. The standard is a unique resource since it was developed under the direction of legal and information technology security professionals with direct input from legal practitioners, judges, e-discovery professionals, and bar associations.
ISO 27050-3 articulates the goals and outlines the criteria required to allow successful processes and outcomes for each step of the e-discovery process, from preservation to production, by outlining a list of general standards to adopt without exactly defining how they are to be applied.
Notably, ISO 27050-3 highlights the considerations to acknowledge in order to prevent mistakes during each process, alerting practitioners to common pitfalls that can derail an otherwise serious e-discovery attempt.
It entails possessing the necessary expertise, abilities, procedures, and technology to solve a specific problem or obstacle. This does not mean that an organisation is all-knowing and capable of doing it all; rather, it means that it is fit for purpose and prepared for the mission at hand, including any contingency that might arise.
Technical readiness, as it affects eDiscovery refers to an organisation achieving the required degree of competence in order to recognise, maintain, collect, process, evaluate, analyse, and deliver ESI. Additionally, it is critical that ESI is secure and structured efficiently so that it can be used effectively.
The significance of eDiscovery cannot be overstated: it is a key catalyst of archiving framework and has important consequences for how organisations preserve, store, and maintain their electronic information. Failure to handle eDiscovery properly may have serious consequences.
c80f0f1006