Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Integrating garp e_discovery
1. Integrating GARP® With Your
eDiscovery Best Practices
Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK, CompTIA Cloud
Essentials
Principal, nControl, LLC
Adjunct Professor
President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
2. Integrating GARP® With eDiscovery
• Presentation Overview
– GARP® Overview
– eDiscovery Overview
– Integrating GARP® With eDiscovery
– Use Case 1
– Use Case 2
– GARP® Supplements
3. Integrating GARP® With eDiscovery
• GARP® Overview
– What is it?
• Information Governance Framework
– Phases
• Accountability
• Transparency
• Integrity
• Protection
• Compliance
• Availability
• Retention
• Disposition
5. Integrating GARP® With eDiscovery
• eDiscovery Overview
– What Is It?
• Electronic Discovery
• Electronically Stored Information (ESI)
– Who Does It Involve?
• People
• Process
• Technology
6. Integrating GARP® With eDiscovery
• eDiscovery Overview
– People
• Internal
– Records & Information Management (RIM)
– Internal Counsel/Legal/Compliance
– IT
• External
– External Counsel
– Consultants/Contractors
18. Integrating GARP® With eDiscovery
• eDiscovery Cloud Solutions
– Software as a Service (SaaS)
– Platform as a Service (PaaS)
– Infrastructure as a Service (IaaS)
21. Integrating GARP® With eDiscovery
• eDiscovery Cloud Solutions
– PaaS
• Various Platform Vendors
– Build e-Discovery Modules Leveraging Existing Platform
» Not Much of a Market / Business Model
» Re-Create the Wheel
– IaaS
• Various Cloud Vendors
– Build eDiscovery Solution on IaaS Instance
» Market / Business Model = All Cloud
» Leverage Existing Licensing
» Analogous to Hosting
22. Integrating GARP® With eDiscovery
• Integrating GARP® With eDiscovery
– People
• RIM, Counsel & IT
– Process
• Legal Holds/Litigation Response
• Protection/Compliance/Retention/Disposition
– Technology
• System of Origination
– ECM/EDM
– WCM
– Collaboration
• eDiscovery System
– Presentation/Collection/Archival
30. Integrating GARP® With eDiscovery
• Integrating GARP® With eDiscovery
– Reality
• “It’s the economy stupid.” – lean budgets, project holds.
• Change is difficult.
• Keep all mentality pervades.
– OR, highest common denominator (retention requirements).
• Departments have different retention schedules.
• Some organizations are more manual than others.
• Some law cases take a LONG time.
– Concurrent investigations/lawsuits affect retention.
• Fads fade.
– Lean Six Sigma in financial services.
– Legacy (“old school”) mentality for leadership.
31. Integrating GARP® With eDiscovery
• Case Study 1
– Background
– Drivers
– Technologies
– Limitations
– Risks
– Lessons Learned
– Next Steps
32. Integrating GARP® With eDiscovery
• Case Study 1
– Background
• CIO Wants to Implement SharePoint – Nix File Shares
• Financial Services SMB
• Staff: IT, 6 FTEs; Compliance, 1 FTE
– Drivers
• Compliance
• Disjointed Processes/Inefficiencies
– Technologies
• Email: Exchange Server 2010
• EDM: SharePoint 2010
• Discovery: Backups, Then Symantec Enterprise Vault 10.0
33. Integrating GARP® With eDiscovery
• Case Study 1
– Limitations
• No Records & Info Mgmt (RIM) Program
– ARMA, GARP®….huh?
• Organizational Behavior/Culture
• Budget
• Skill-sets
• Resources
– Risks
• Stakeholder Buy-in
• CIO Political Capital
• Program Upkeep/Maintenance
• Capital Expenditure Requirements
34. Integrating GARP® With eDiscovery
• Case Study 1
– Lessons Learned
• Stakeholder Buy-in Was Huge
• Don’t Forget the Fiefdoms
• Healthy Dose of Skepticism
– Email Backups
• Those in the Trenches Were the Champions
– Especially Internal Sales
35. Integrating GARP® With eDiscovery
• Case Study 1
– Next Steps
• Iterative Implementation of SharePoint
• Test eDiscovery Functionality
• Implement Document Mgmt Training & Awareness
• Publish Naming Conventions & RIM SOPs
• Scheduled:
– Records Retention Schedule (RRS) Update
– Records Clean-out
– GARP® Self-Assessment
36. Integrating GARP® With eDiscovery
• Case Study 2
– Background
– Drivers
– Technologies
– Limitations
– Risks
– Lessons Learned
– Next Steps
37. Integrating GARP® With eDiscovery
• Case Study 2
– Background
• RIM Program Dealing w/ Multiple Mergers & Acquisitions
• Mid-sized Pharmaceutical (Manufacturing & Sales)
• Staff: RIM, 1 FTE w/ Other Responsibilities
– Drivers
• Resource Limitations
• Limited Domain Knowledge
• Disjointed Processes/Inefficiencies
– Technologies
• Email: Exchange Server 2008
• EDM: SharePoint 2007
• Discovery: Backups, Then Symantec Enterprise Vault 9.0
38. Integrating GARP® With eDiscovery
• Case Study 2
– Limitations
• Currently in Litigation Response
• Program Conflicts:
– Priority
– Budget
– Interest
• Organizational Integration
• Disjointed Processes
– Risks
• Compliance
• Program Upkeep/Maintenance
• Operating Expenditure Requirements
39. Integrating GARP® With eDiscovery
• Case Study 2
– Lessons Learned
• Selling Process Improvement Was Huge
– Process Workflow
– Litigation Response
– Archiving
• Sell the Program Too
– Use by Competitors
– Use by Smaller Organizations
– Maturity Through GARP®
• Don’t Forget the Fiefdoms
– Need Decentralized Support Though
• Healthy Dose of Skepticism
– Verbal Promises
40. Integrating GARP® With eDiscovery
• Case Study 2
– Next Steps
• Deploy Email Policy
• Implement GARP® Training & Awareness
• Scheduled:
– Records Clean-out
– GARP® Self-Assessment
– Integrated Litigation Response Test
» Offsite Archiving Vendor
» Benefits Administrator
» Payroll Administrator
45. Integrating GARP® With eDiscovery
• Presentation Take-Aways
– Know Information Governance (e.g. GARP®)
– Know eDiscovery
– Learn To Integrate The Two Through:
– People
– Processes
– Technologies