EDRM Releases New Security Audit Questionnaire
Practical Data Security and Risk Assessment Tool Helps Organizations Evaluate Security Preparedness
"E-discovery increasingly involves very large volumes of potentially sensitive data, and multiple organizations may play a role in processing, hosting, review and production of documents," says George Socha, EDRM co-founder. "It's critical that decision makers assess the security capabilities of e-discovery providers, and the questionnaire was designed to guide that assessment."
A team of EDRM members representing e-discovery providers, corporate legal departments and law firms convened in August 2016 to discuss security and compliance requirements and create a plan for the Security Audit Questionnaire. Amy Sellars, assistant general counsel, litigation support for Walmart Legal, and Julie Hackler, account executive at Avansic, led the team of 14 professionals with backgrounds in e-discovery, security, IT technologies and litigation support in creating the tool. Over several months of collaborative effort, the team identified seven key security areas for audit, developed checklists and audit questions, and built and tested the questionnaire. The complete list of EDRM Security Audit team members is included with the questionnaire.
The seven security disciplines addressed in the audit questionnaire include:
· General Security
· Security and Risk Management
· Asset Security
· Communications and Network Security
· Identity and Access Management
· Security Operations
· Software Development Security
The security survey evaluates an organization's data security and practices, allowing potential customers to assess the risk of entrusting sensitive data to the vendor. The tool can be used to assess data protection from destruction or unauthorized access, as well as to assure regulatory compliance with data-related legislation such as HIPAA, the Sarbanes-Oxley Act and security breach notification laws.
The evaluation allows the assessor to determine the level of risk the organization may be assuming by engaging the vendor or partner and to make suggestions to improve security practices and enhance the service provided. The tool is also suited for organizations that wish to conduct a self-audit to assess security capabilities and identify areas for improvement.
The EDRM Security Audit Questionnaire (http://www.edrm.net/
The Electronic Discovery Reference Model (EDRM) creates practical resources to improve e-discovery and information governance. Since 2005, EDRM has delivered leadership, standards, best practices, tools, guides and test data sets to improve electronic discovery and information governance. Member individuals, law firms, corporations and government organizations actively contribute to the direction of EDRM. In 2016, EDRM became part of the Center for Judicial Studies at Duke Law School. EDRM expands the center's efforts to provide educational and professional resources in electronic discovery and information governance in support of its mission to promote a better understanding of the judicial process and generate ideas for improving the administration of justice. Visit EDRM.net to become a member. To learn more about the Duke Law Center for Judicial Studies, visit https://law.duke.edu/