EDRM releases new Security Audit Questionnaire

March 8, 2017


Durham, NC – EDRM, the leading standards organization for the e-discovery market, announced today the release of a new Security Audit Questionnaire, a practical tool for evaluating the security capabilities of corporations, law firms, cloud providers, and third parties offering electronic discovery or managed services.

“E-discovery increasingly involves very large volumes of potentially sensitive data, and multiple organizations may play a role in processing, hosting, review and production of documents,” said George Socha, EDRM co-founder. “It’s critical that decision makers assess the security capabilities of e-discovery providers, and the questionnaire was designed to guide that assessment.”

A team of EDRM members representing e-discovery providers, corporate legal, and law firms convened in August 2016 to discuss security and compliance requirements and create a plan for the Security Audit Questionnaire.  Amy Sellars, assistant general counsel, litigation support for Walmart Legal, and Julie Hackler, account executive at Avansic, led the team of 14 professionals with backgrounds in e-discovery, security, IT technologies, and litigation support in creating the tool. Over several months of collaborative effort, the team identified seven key security areas for audit, developed checklists and audit questions, and built and tested the questionnaire.  The complete list of EDRM Security Audit team members is included below and on the questionnaire.

The seven security disciplines addressed in the audit questionnaire include:

  • General Security
  • Security and Risk Management
  • Asset Security
  • Communications and Network Security
  • Identity and Access Management
  • Security Operations
  • Software Development Security

The security survey evaluates an organization’s data security and practices, allowing potential customers to assess the risk of entrusting sensitive data to the vendor. The tool can be used to assess data protection from destruction or unauthorized access, as well as to assure regulatory compliance with data-related legislation such as HIPAA, the Sarbanes-Oxley Act, and security breach notification laws.

The evaluation allows the assessor to determine the level of risk the organization may be assuming by engaging the vendor or partner and to make suggestions to improve security practices and enhance the service provided.  The tool is also suited for organizations who wish to conduct a self-audit to assess security capabilities and identify areas for improvement.

The EDRM Security Audit Questionnaire is available for download in the resources section of the EDRM website. The EDRM members who contributed to the project are:

Julie Hackler, Account Executive, Avansic
Lance Waston, Chief Information Officer, Avansic
Beth Downing, Chief Operating Officer, Avansic
Amy Sellars, Assistant General Counsel, Litigation Support Group, Walmart Legal
Justin Hectus, Director of Information, Keesal, Young and Logan
Tom MacKenzie, Vice President of Data Privacy & Compliance, TCDI
Dean Van Dyke, Vice President, iBridge Global Services
Kris Kadlac, Paralegal, Richman Greer, PA
Andy Sokol, Director, CopyScan Technologies
Michael Cammack, Chief Information Officer, Nightowl Discovery
Lilith Bat-Leah, Director of ESI Solutions, Bluestarcs
Deanna Fleener, Director of Managed Services, LDiscovery
David Thomas, Enterprise Business Development Manager
Kit Bright, Sr. Coordinator Information Systems, Gibsons
Tom Gelbmann, Co-Founder, EDRM
George Socha, Co-Founder, EDRM, and Managing Director, BDO

 

About EDRM

The Electronic Discovery Reference Model (EDRM) creates practical resources to improve e-discovery and information governance. Since 2005, EDRM has delivered leadership, standards, best practices, tools, guides and test data sets to improve electronic discovery and information governance. Member individuals, law firms, corporations and government organizations actively contribute to the direction of EDRM. In 2016, EDRM became part of the Center for Judicial Studies at Duke Law School. EDRM expands the center’s efforts to provide educational and professional resources in electronic discovery and information governance in support of its mission to promote a better understanding of the judicial process and generate ideas for improving the administration of justice. Visit EDRM.net/join/ to become a member. To learn more about the Duke Law Center for Judicial Studies, visit https://law.duke.edu/judicialstudies.

 

Contacts:

James Waldron
EDRM
james.waldron@law.duke.edu