Embed Size (px)
Citation preview
Integrating GARP® With Your eDiscovery Best Practices
Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK, CompTIA Cloud Essentials
Principal, nControl, LLCAdjunct Professor
President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
• Presentation Overview– GARP® Overview– eDiscovery Overview– Integrating GARP® With eDiscovery– Use Case 1– Use Case 2– GARP® Supplements
Integrating GARP® With eDiscovery
• GARP® Overview– What is it?
• Information Governance Framework
– Phases• Accountability• Transparency• Integrity• Protection• Compliance• Availability• Retention• Disposition
Integrating GARP® With eDiscovery
• GARP® Overview– Maturity Model• Level 1 – Sub-Standard• Level 2 – In-Development• Level 3 – Essential• Level 4 – Proactive • Level 5 – Transformational
Integrating GARP® With eDiscovery
• eDiscovery Overview– What Is It?• Electronic Discovery• Electronically Stored Information (ESI)
– Who Does It Involve?• People• Process • Technology
Integrating GARP® With eDiscovery
• eDiscovery Overview– People• Internal
– Records & Information Management (RIM)– Internal Counsel/Legal/Compliance– IT
• External– External Counsel– Consultants/Contractors
Integrating GARP® With eDiscovery
• eDiscovery Overview– Process• Generic• EDRM
Integrating GARP® With eDiscovery
• eDiscovery Overview– Technology
• Process-Focused– Presentation/Collection/Archival– Processing/Review/Analysis/Search
• Artifact-Focused– Collaboration (Email, IM)– Social Media – File Shares– Electronic Document/Content Management (EDM/ECM)– Telecom– Web Content Management (WCM)
• Deployment-Focused– Traditional – Cloud/Hosted
Integrating GARP® With eDiscovery
Source: ZL Technologies
Source: Symantec
Source: Symantec
Source: Kazeon / EMC
Source: EMC
Source: Algo Solutions
Source: Gartner
Integrating GARP® With eDiscovery
• eDiscovery Cloud Solutions– Software as a Service (SaaS)– Platform as a Service (PaaS)– Infrastructure as a Service (IaaS)
Integrating GARP® With eDiscovery• eDiscovery Cloud Solutions– SaaS• Social Media-Centric
– Arkovi– Archive-It– LiveOffice SocialArchive
• Comprehensive– Zantaz– Proofpoint Enterprise Archive– Microsoft Exchange Online Archive (EOA)– Symantec Enterprise Vault.cloud– EMC SourceOne – VARs/Resellers– Google Message Discovery (GMD)
Integrating GARP® With eDiscovery• eDiscovery Cloud Solutions– SaaS (Continued)• Comprehensive
– Sonian– Smarsh
Integrating GARP® With eDiscovery
• eDiscovery Cloud Solutions– PaaS• Various Platform Vendors
– Build e-Discovery Modules Leveraging Existing Platform» Not Much of a Market / Business Model » Re-Create the Wheel
– IaaS• Various Cloud Vendors
– Build eDiscovery Solution on IaaS Instance » Market / Business Model = All Cloud» Leverage Existing Licensing» Analogous to Hosting
• Integrating GARP® With eDiscovery– People
• RIM, Counsel & IT
– Process• Legal Holds/Litigation Response• Protection/Compliance/Retention/Disposition
– Technology• System of Origination
– ECM/EDM– WCM– Collaboration
• eDiscovery System– Presentation/Collection/Archival– Processing/Review/Analysis
Integrating GARP® With eDiscovery
Integrating GARP® With eDiscovery
Integrating GARP® With eDiscovery
Integrating GARP® With eDiscovery
Source: Metalogix StoragePoint
Integrating GARP® With eDiscovery
Source: Metalogix StoragePoint
Integrating GARP® With eDiscovery
• Integrating GARP® With eDiscovery– Technology (Continued)• Information Governance Tools
– ECM/EDM» SharePoint: » -AvePoint DocAve 6» -HiSoftware: Compliance Sheriff SP, Security Sheriff SP, Privacy» Documentum:» -Records Manager (RM)» -Retention Policy Services (RPS)» -Physical Records Services (PRS)» -Federated Records Services (FRS)
– WCM» Web 1.0/2.0: Active Navigation Discovery Center
– RDBMS» SQL Server 2008L Master Data Services
Integrating GARP® With eDiscovery
Integrating GARP® With eDiscovery
Source: DocAve
• Integrating GARP® With eDiscovery– Reality
• “It’s the economy stupid.” – lean budgets, project holds.• Change is difficult.• Keep all mentality pervades.
– OR, highest common denominator (retention requirements).
• Departments have different retention schedules.• Some organizations are more manual than others.• Some law cases take a LONG time.
– Concurrent investigations/lawsuits affect retention.
• Fads fade.– Lean Six Sigma in financial services. – Legacy (“old school”) mentality for leadership.
Integrating GARP® With eDiscovery
Integrating GARP® With eDiscovery
• Case Study 1– Background– Drivers – Technologies– Limitations– Risks– Lessons Learned– Next Steps
Integrating GARP® With eDiscovery• Case Study 1– Background• CIO Wants to Implement SharePoint – Nix File Shares• Financial Services SMB• Staff: IT, 6 FTEs; Compliance, 1 FTE
– Drivers• Compliance• Disjointed Processes/Inefficiencies
– Technologies• Email: Exchange Server 2010• EDM: SharePoint 2010• Discovery: Backups, Then Symantec Enterprise Vault 10.0
Integrating GARP® With eDiscovery• Case Study 1– Limitations• No Records & Info Mgmt (RIM) Program
– ARMA, GARP®….huh?
• Organizational Behavior/Culture• Budget• Skill-sets• Resources
– Risks• Stakeholder Buy-in• CIO Political Capital• Program Upkeep/Maintenance • Capital Expenditure Requirements
Integrating GARP® With eDiscovery• Case Study 1– Lessons Learned• Stakeholder Buy-in Was Huge• Don’t Forget the Fiefdoms• Healthy Dose of Skepticism
– Email Backups
• Those in the Trenches Were the Champions– Especially Internal Sales
Integrating GARP® With eDiscovery• Case Study 1– Next Steps• Iterative Implementation of SharePoint• Test eDiscovery Functionality• Implement Document Mgmt Training & Awareness• Publish Naming Conventions & RIM SOPs• Scheduled:
– Records Retention Schedule (RRS) Update– Records Clean-out– GARP® Self-Assessment
Integrating GARP® With eDiscovery
• Case Study 2– Background– Drivers – Technologies– Limitations– Risks– Lessons Learned– Next Steps
Integrating GARP® With eDiscovery• Case Study 2– Background• RIM Program Dealing w/ Multiple Mergers & Acquisitions• Mid-sized Pharmaceutical (Manufacturing & Sales)• Staff: RIM, 1 FTE w/ Other Responsibilities
– Drivers• Resource Limitations• Limited Domain Knowledge• Disjointed Processes/Inefficiencies
– Technologies• Email: Exchange Server 2008• EDM: SharePoint 2007• Discovery: Backups, Then Symantec Enterprise Vault 9.0
Integrating GARP® With eDiscovery• Case Study 2– Limitations• Currently in Litigation Response• Program Conflicts:
– Priority– Budget– Interest
• Organizational Integration• Disjointed Processes
– Risks• Compliance• Program Upkeep/Maintenance • Operating Expenditure Requirements
Integrating GARP® With eDiscovery• Case Study 2– Lessons Learned• Selling Process Improvement Was Huge
– Process Workflow– Litigation Response– Archiving
• Sell the Program Too– Use by Competitors– Use by Smaller Organizations– Maturity Through GARP®
• Don’t Forget the Fiefdoms– Need Decentralized Support Though
• Healthy Dose of Skepticism– Verbal Promises
Integrating GARP® With eDiscovery
• Case Study 2– Next Steps• Deploy Email Policy• Implement GARP® Training & Awareness• Scheduled:
– Records Clean-out– GARP® Self-Assessment– Integrated Litigation Response Test
» Offsite Archiving Vendor» Benefits Administrator» Payroll Administrator
• GARP® Supplements– Generic– IGRM– MIKE2.0
Integrating GARP® With eDiscovery
Source: EMC
• Presentation Take-Aways– Know Information Governance (e.g. GARP®)– Know eDiscovery– Learn To Integrate The Two Through:–People–Processes–Technologies
Integrating GARP® With eDiscovery
• Questions?• Contact– Email: [email protected]– Twitter: @markes1, @csdadelval2011– LI: http://www.linkedin.com/in/smarkey– CSA-DelVal: http://www.csadelval.org/
