Information technology. Electronic discovery. Guidance for governance and management of electronic discovery
Last updated: 18 Jul 2024
Development Stage
Pre-draft
Draft
Published
Abstract
Engagement in electronic discovery and processes can expose organizations and the stakeholders within and outside those organizations to collective and individual risks, including legal, financial and ethical. This document aims to provide guidance for decision makers and those holding responsible roles to ensure that causes of failure are properly managed and, where possible, minimized while still complying with policy and conformance requirements to enable effective and appropriate electronic discovery and processes. This document is to be read in relation to ISO/IEC 27050‑1 and ISO/IEC 27050‑3. Common responsibilities of a governing body are to provide strategic direction in all matters of relevance to electronic discovery and to take ownership of the risks related to electronic discovery. The responsibility of management is to develop and implement the policies, plans and strategies for electronic discovery set by the governing body. The inherent causes of failure and environmental issues associated with electronic discovery governance and management impact the viability of a coherent system that delivers optimal business value. Consequently, the structures, processes and communication requirements of electronic discovery need to be compliant and open to review. The measure of success for the investment in the use of electronic discovery services is the benefit that it brings to the organization making the investment. Proper foresight, oversight and direction allow the full scope of the effort required to derive the expected benefits and an appropriate framework for governance, risk and value to be determined. This document addresses the concerns of electronic discovery governance by identifying the risk and the risk owners of potential points of failure in electronic discovery processes. This document is to provide guidance for the governance and management of electronic discovery. © ISO/IEC 2022 All rights reserved
Scope
This document provides guidance for technical and non-technical personnel at senior management levels within an organization, including those with responsibility for compliance with statutory and regulatory requirements, and industry standards. It describes how such personnel can identify and take ownership of risks related to electronic discovery, set policy and achieve compliance with corresponding external and internal requirements. It also suggests how to produce such policies in a form which can inform process control. Furthermore, it provides guidance on how to implement and control electronic discovery in accordance with the policies.
Key Information
Referenced standards: ISO/IEC 27000, ISO/IEC 38500, ISO/IEC 27050-1, ISO/IEC 29100, ISO/IEC 30121, ISO/IEC 31000, ISO/IEC 27050-3, ISO 15489