In the era of big data, vetting and asking the right security questions can help your organization save money and have peace of mind when it comes to ediscovery. Below is a general overview of some of the most important questions you should be discussing with your outside law firms and ediscovery service providers. Developing a thorough security RFI created in tandem with your IT/IS department to truly vet these organizations is highly recommended.
1. How is data stored, secured, and monitored? How and where your data will be stored once you transmit it for ediscovery processing and hosting are some of the most important questions you can ask.
- Storage: Understand whether data is stored onsite or in the cloud. Each method poses its own benefits and risks, and grasping which method best meshes with your organization’s needs is paramount.
- Security: Inquire about technical controls to protect security, from encryption methods to firewalls and intrusion detection systems.
- Monitoring: Learn about the service operations staff that keeps its finger on the heartbeat of the data center.
2. What physical protection measures are in place? Look for some of the following attributes to ensure that your law firm or vendor’s data center is state-of-the-art.
- Cooling: Make sure the data center has equipment to keep hardware cool and humidity levels in check.
- Power: Ensure that there is a continuous flow of power to the data center, with back-up generators available.
- Network: Request information about the network connectivity, specifically asking about redundancy.
- Fire Suppression: Understand fire suppression procedures and inquire about waterless fire suppression systems.
- Access Controls: Ask about physical access controls into the data center, such as biometric hand readers.
3. Is there enough secure storage available and is the operation scalable to accommodate unexpected expansion? If your law firm or ediscovery provider does not have the capacity to securely store the information, some of the data may be compromised. It is easier—and far less costly—to find another law firm or a secure vendor to host your data than it will be to clean up a disastrous data security breach caused by sticking with a firm or provider that bit off more than it could chew.
4. Who will have access to the data, and have they completed security training? The fewer people that have access to the information, the better. Make sure that your corporation’s confidential information is stored on a “need to know” basis, and it should be a red flag if that data is accessible to every employee at the law firm or ediscovery provider.
5. If data loss or breach occurs, what type of plan is in place? No one wants to think about a data breach or loss; however, your organization needs to be prepared in the event of a data disaster. Ask about breach notification response plans and provisions for leveraging a data recovery expert in the event of a loss.
With big data only getting bigger and breaches at an all-time high, it is prudent–and absolutely critical–to make every effort to vet your outside counsel and ediscovery provider’s data security policies, before it is too late.
Get started on understanding how to better protect your organization’s digital assets by watching Kroll Ontrack’s new video explaining its data security and operational processes.
About the Author
Brian Meegan leads a team of business development professionals whose primary responsibility is positioning Kroll Ontrack’s electronic discovery technology and service offering for the purpose of new business generation and client satisfaction. Prior to working with Kroll Ontrack, Mr. Meegan held senior management positions in both technology operations and business development with other leading providers of electronic discovery. Mr. Meegan repeatedly demonstrated success in providing industry-leading solutions to Fortune 500 corporations and Am Law 200 law firms, and is deeply engaged in associations tasked with standardizing and vetting technology and electronic discovery best practices.