Bringing eDiscovery In-House for Dummies


Published on

Bringing eDiscovery In-House for Dummies

Published in: Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Bringing eDiscovery In-House for Dummies

  1. 1. Compliments of Bringing eDiscovery In-House on actice Special Editi Find out what EMC Compliance Pr you need to know to implement an A Reference in-house program! for the Rest of Us! ® FREE eTips at® Jake Frazier, Esq.
  2. 2. About EMCInformation is a business’s most important asset. EMC provides the tools that can help you capitalizeon it. By bringing our systems, software, services, and solutions together, we can work with you to puta comprehensive information infrastructure to work for your business.We help customers design, build, and manage intelligent, flexible, and secure information infrastructures.These infrastructures are the versatile foundations on which organizations can implement their informationlifecycle strategies, secure their critical information assets, leverage their content for competitive advantage,automate their data center operations, reduce power and cooling costs, and much more.With an information infrastructure, people can avoid the potentially serious risks and reduce the significantcosts associated with managing information, while fully exploiting its value for business advantage.We help a range of customersEMC works with organizations around the world, in every industry, in the public and private sectors,and of every size, from startups to the Fortune Global 500. Our customers include banks and otherfinancial services firms, manufacturers, healthcare and life sciences organizations, Internet service andtelecommunications providers, airlines and transportation companies, educational institutions, andpublic-sector agencies. Customers benefit from our expertise in key business and IT capabilities.EMC helps customers meet critical business challenges with a comprehensive set of offerings that include:• Solutions — We have assembled the right mix of products and services from our own offerings and those of our partners to address a variety of specific situations. Our solutions meet the challenges faced by different industries, functional situations, and different-sized businesses.• Services — We offer the full range of services to design, build, and implement your information infrastructure, including comprehensive consulting services, implementation and integration, onsite operational support, as well as industry-leading training and customer support.• Software — We provide the industry’s broadest, most robust line of information infrastructure software for addressing business challenges such as: archiving, backup and recovery, business continuity and availability, collaboration, content management, data mobility and migration, resource management, compliance, and virtualization.• Systems — We offer the industry’s broadest line of tiered storage platforms and technologies, providing a comprehensive range of performance, scalability, functionality, and connectivity options.Strong leadership recordEMC has a long tradition of innovation and leadership. During 2006, we invested nearly $4 billion inResearch & Development and strategic acquisitions that strengthened our core capabilities and extendedour reach into new, rapidly growing markets.This commitment led to IDC’s designation of EMC as a market leader in the external storage systems, totalstorage software, and virtualization software markets. According to the Gartner Magic Quadrants, welead the industry in enterprise content management, midrange enterprise disk arrays, storage resourcemanagement, security and information and event management, Web access management, and storageservices. We hold the most stringent quality management certification from the International Organizationfor Standardization (ISO 9001), and our manufacturing operations hold an MRP II Class A certification.A worldwide presence and global citizenshipWe are represented by more than 100 sales offices and distribution partners in more than 80 countries.We employ more than 33,000 people worldwide, including more than 8,500 at our Massachusettsheadquarters. Our R+D organization includes facilities in Massachusetts, North Carolina, Belgium, China,France, India, Israel, Japan, and Russia, with additional manufacturing facilities in California and Ireland. Wehave the world’s largest storage-dedicated direct sales and service force, and have a large network both ofresellers, including Dell, Unisys, and NCR; and alliance partners, including Accenture, EDS, and Microsoft.We are committed to acting in a socially and environmentally responsible manner and to being anattentive and thoughtful neighbor in our local and global communities. We are a publicly traded company,listed on the New York Stock Exchange under the symbol EMC, and are a component of the S&P 500 Index.
  3. 3. Bringing eDiscovery In-House FOR DUMmIES ‰ EMC COMPLIANCE PRACTICE SPECIAL EDITION by Jake Frazier, Esq., Teresa Luckey, and Joseph Phillips
  4. 4. Bringing eDiscovery In-House For Dummies® EMC Compliance Practice Special Edition ,Published byWiley Publishing, Inc.111 River StreetHoboken, NJ 07030-5774Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, IndianaPublished by Wiley Publishing, Inc., Indianapolis, IndianaNo part of this publication may be reproduced, stored in a retrieval system or transmitted in anyform or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise,except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without theprior written permission of the Publisher. Requests to the Publisher for permission should beaddressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN46256, (317) 572-3447, fax (317) 572-4355, or online at Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference forthe Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way,, andrelated trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or itsaffiliates in the United States and other countries, and may not be used without written permission.EMC and the EMC logo are trademarks or registered trademarks of EMC Corporation. All other trade-marks are the property of their respective owners. Wiley Publishing, Inc., is not associated with anyproduct or vendor mentioned in this book. LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETE- NESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITU- ATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PRO- FESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRIT- TEN AND WHEN IT IS READ.For general information on our other products and services, please contact our Customer CareDepartment within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.ISBN: 978-0-470-34439-2Manufactured in the United States of America10 9 8 7 6 5 4 3 2 1
  5. 5. Publisher’s AcknowledgmentsWe’re proud of this book; please send us your comments through our online registra-tion form located at For details on how to create acustom For Dummies book for your business or organization, contact For information about licensing the For Dummies brand for products or services,contact BrandedRights& of the people who helped bring this book to market include the following:Acquisitions, Editorial, and ProductionMedia Development Project Coordinator: Kristie ReesDevelopment Editor: Ryan Williams Layout and Graphics: Reuben W. Davis,Project Editor: Jennifer Bingham Stephanie D. JumperEditorial Manager: Rev Mengle Proofreader: David FaustBusiness Development Representative: Sue BlessingPublishing and Editorial for Technology Dummies Richard Swadley, Vice President and Executive Group Publisher Andy Cummings, Vice President and Publisher Mary Bednarek, Executive Director, Acquisitions Mary C. Corder, Editorial DirectorPublishing for Consumer Dummies Diane Graves Steele, Vice President and Publisher Joyce Pepple, Acquisitions Director Kristin A. Cocks, Product Development DirectorPublishing for Travel Dummies Michael Spring, Vice President and Publisher Kelly Regan, Editorial DirectorComposition Services Gerry Fahey, Vice President of Production Services Debbie Stailey, Director of Composition Services
  6. 6. Contents at a GlanceIntroduction.......................................................1Chapter 1: Understanding the Problem ................5Chapter 2: Assembling a Cross-FunctionalTask Force .........................................................9Chapter 3: Communication: Can’t We AllJust Get Along?................................................15Chapter 4: Taking It In or Leaving It Outside .....21Chapter 5: Selling the Vision Internally .............27Chapter 6: Building an Implementation Plan......31Chapter 7: Working with a Quality Policy..........35
  7. 7. Table of ContentsIntroduction .......................................................1 About This Book .........................................................................2 Foolish Assumptions ..................................................................2 How This Book Is Organized......................................................3 Icons Used in This Book.............................................................4Chapter 1: Understanding the Problem .................5 The Phases of eDiscovery..........................................................5 Preservation and Collection ......................................................6 Processing....................................................................................7 Review and Production ..............................................................7Chapter 2: Assembling a Cross-FunctionalTask Force..........................................................9 Putting the Team Together ........................................................9 Legal Meet IT, IT Meet Legal ....................................................10 Records Management...............................................................12 Human Resources .....................................................................13 Security ......................................................................................13 Lines of Business ......................................................................14Chapter 3: Communication: Can’t WeAll Just Get Along? ...........................................15 Skipping the Slang, Junking the Jargon, Axing the Acronyms ........................................................................15 Spend Some Quality Time Together .......................................17 Legal Can Learn IT’s Lingo.......................................................17 IT Can Learn Legal’s Lingo.......................................................18Chapter 4: Taking It In or Leaving It Outside ......21 Making Up Your Mind about Preservation and Collection ...21 Deciding What to Do with Processing ....................................23 Making the Decision on Review and Production ..................23 The review process ........................................................24 Hosting data in the review tool.....................................24 The actual review of documents ..................................25
  8. 8. vi Bringing eDiscovery In-House For Dummies Chapter 5: Selling the Vision Internally ..............27 Using Scare Tactics ...................................................................27 Pooling Resources: ROI ...........................................................28 Chapter 6: Building an Implementation Plan ......31 Starting from Square One.........................................................31 Project Management.................................................................32 Establishing a Timeline ............................................................32 Setting Milestones for Your Plan.............................................33 Paying for Your Plan .................................................................33 Training the Staff.......................................................................34 Review and Evaluation .............................................................34 Chapter 7: Working with a Quality Policy...........35 Slipping into the Sixth Sigma...................................................35 Using Homegrown, In-House Quality Solutions ....................37
  9. 9. IntroductionI f the rash of corporate scandals in the early part of this decade has taught us one thing, it’s that e-mails liveforever. After seeing corporate executives go to prison basedlargely on e-mail and other digital evidence retrieved fromcomputer systems, virtually every government investigatorand party to a lawsuit wants to get their hands on anypotential electronic evidence.To ensure that nobody gets any bright ideas (“Let’s just deleteeverything!”), various governmental agencies have introducedlaws, such as Sarbanes-Oxley and SEC 17a-4, that set forthdocument retention requirements with very heavy sanctionsfor noncompliance — even jail time! Dozens of courts havelevied costly and embarrassing sanctions on parties of law-suits that couldn’t properly produce their electronic records.The Federal Rules of Civil Procedure were even amendedrecently to accommodate and govern this new phenomenonas it relates to litigation. The process that corporations andgovernment agencies go through to search, preserve, andeventually review and produce their relevant electronic datato satisfy their production obligations under these rules isgenerally called electronic discovery, or eDiscovery for short.Initially, most organizations could barely keep up with their obli-gations to produce data. The last thing on their collective mindswas whether the process they were using made financial senseand could be built upon to make future eDiscovery requests lesspainful. Some thought the issue would be a flash in the pan andwould soon subside. Now that a few years have passed, mostorganizations have come to understand that performingeDiscovery is a cost of doing business that isn’t going away.Now that eDiscovery is here to stay, enough quantitative datais available to analyze related processing and spending habitsand improve them, just like any other business process. Mostcorporations are firm believers in avoiding future problemsby adopting good preventative habits. Think of it as goodvirtual brushing and flossing to avoid a costly root canaldown the road.
  10. 10. 2 Bringing eDiscovery In-House For Dummies Larger organizations may well find that they spend millions or even tens of millions of dollars per year fulfilling their eDiscovery obligations. Much of this expenditure is allocated to sending data to outside vendors, consultants, and law firms for costly processing and review. Up until now, this was neces- sary because the machinery and equipment, proprietary soft- ware, and expertise simply weren’t readily available for a corporation to purchase and implement successfully. When these became available over the past few years, it was still somewhat difficult to internalize. From a budgetary perspec- tive, not enough was known about this phenomenon to make sound financial decisions about obtaining a positive return on investment. Now, the time is ripe for many organizations to seriously consider bringing eDiscovery in-house. About This Book Creating and implementing an eDiscovery solution for your company can be a monumental effort — that’s why some busi- nesses exist to handle the whole process for you. Taking over some or all of those responsibilities for yourself can be a daunting task. So you need to understand as much as you can before you start making decisions. This book helps you analyze the issues surrounding in-house eDiscovery, so that you can determine what is right for your organization. You’ll see what processes can effectively be brought into your operation, and what challenges you’ll face in implementing those changes. After all, nobody ever said saving money and time was going to be easy. By the time you’re finished with this book, you should be able to analyze the needs of your business and decide what por- tions of the eDiscovery process you should perform yourself. Whether your company wants to take on a little or a lot, you at least know the direction to go. Foolish Assumptions You don’t have to be a computer expert to understand this book, but we didn’t start from square one, either. So, here’s what we assume you know before you start reading:
  11. 11. Introduction 3 You’re generally familiar with eDiscovery and what it entails. You know why you might have to retain and produce some of your documents. You understand that e-mail, electronic documents, and other records can be stored in a variety of locations. Your business makes use of several different forms of electronic communication, like computers (both desktop and laptop), PDAs, networked storage, and other devices.How This Book Is Organized This book is divided into seven chapters for easy navigation. That way, you can either read all the way through the book in order or skip ahead to what you want to know right now. Chapter 1: Understanding the Problem: This section brings eDiscovery into focus for your company and examines what any successful policy has to achieve in order to keep your data (and your company) out of harm’s way. Chapter 2: Assembling a Cross-Functional Task Force: This chapter talks about the talent you need in order to bring eDiscovery functions in-house. You find out who has to be involved and what services they provide. Chapter 3: Communication: Can’t We All Just Get Along?: Here’s where you find out why it’s important to keep the lines of communication open. Clear and understandable language is key to keeping the process on-track. Chapter 4: Taking It In or Leaving It Outside: You can’t have everything all the time, and this section helps you decide what functions of eDiscovery make sense to bring inside your company. Leaving something outside your company can be just as important and cost-effective as doing it yourself. Chapter 5: Selling the Vision Internally: This chapter helps you sell the plan you want to implement to those who make the decisions. The best plan isn’t worth anything if you can’t convince anybody to execute it.
  12. 12. 4 Bringing eDiscovery In-House For Dummies Chapter 6: Building an Implementation Plan: After everything is ready, you need to establish a plan for actually putting everything in place. This chapter helps you set the guidelines and benchmarks toward bringing eDiscovery into your company’s normal functions. Chapter 7: Working with a Quality Policy: The final section takes a look at the Six Sigma process and how it relates to eDiscovery. You may find understanding Six Sigma extremely helpful in charting and implementing your company’s plan. This chapter also includes some information on developing your own in-house quality policy. Icons Used in This Book In the margins of this book, you’ll see some helpful little icons that help flag particular types of information: This icon flags information that you should make a definite effort to, you guessed it, remember. A Tip icon stands beside information that can save you time or give you insight that will make your life a little easier. This icon tells you that you’re reading something that could really cause you or your company trouble.
  13. 13. Chapter 1Understanding the ProblemIn This Chapter Understanding the phases of eDiscovery Knowing where expenses come in Grasping the scope of the information involved in eDiscovery L ike with any business venture, you have to know the market before you jump in and get involved. Make no mistake — bringing eDiscovery in-house is a major undertak- ing, should you choose to initiate the process. That’s why you’re looking to understand the components and challenges now. This chapter explains the biggest parts of the eDiscovery process and shows you what costs may be involved. Understanding these issues can help you realize how taking some of these steps in-house could be beneficial to you and your company.The Phases of eDiscovery The flowchart shown in Figure 1-1 may look a little compli- cated, but it boils down to three basic steps, each of which presents its own challenges and costs.
  14. 14. 6 Bringing eDiscovery In-House For Dummies Electronic Discovery Reference Model Processing Preservation Information Identification Review Production Presentation Management Collection Analysis Figure 1-1: The eDiscovery Flowchart. Preservation and Collection Preservation and collection is the process of locating poten- tially relevant documents, quarantining them so that they are not destroyed, and bringing them together so that they can easily be moved to the next phase in the process. Doing this can be tricky because several sources could contain potential evidence. Sources like desktop computers and servers are relatively easy to identify, but digital information can be spread through a host of other devices and locations that need to be consid- ered. Not only does digital information reside in e-mail accounts, but also in archives that can be stored either on the computer or the server. Now factor in laptops, PDAs, smart phones, and other electronic devices. To make matters worse, IT organizations are required to create nightly backups of much of this information, which means yet another copy of each e-mail or file exists and must be dealt with. These electronic records contain not only the primary infor- mation but also metadata, or information about your informa- tion. This metadata establishes when the file was created, transmitted, modified, and sometimes gives information on dozens of other attributes. All of this information can be vital when pursuing an eDiscovery request, especially if the case is a “who knew what and when” case, or any other case where timing is important. Sometimes, a party to a lawsuit or a
  15. 15. Chapter 1: Understanding the Problem 7 government investigator challenges whether a piece of elec- tronic evidence has been tampered with — it is often by show- ing the metadata hasn’t been altered that one can establish authenticity. If you think of eDiscovery as a fishing expedition, the preser- vation and collection part of the trip is where you cast a wide net and try to get as many fish (or as much information) as possible. From there, you have to take a look at what you’ve caught (and throw back what you don’t need).Processing The problem with casting a wide net is that although it brings everything that might be relevant into the proceedings, it also results in a huge amount of data that needs to be sifted through and evaluated. It also means that several copies of the same message or file could be included in the search. If you think of all the places where you read your mail or docu- ments, you’ll understand where all of these copies come from. Now factor in all of the other people reading the same mes- sage or working on the same file. It should be obvious how big of a mess this could be. Processing the data involves using keywords, dates, file types, and custodian ownership to ensure you have the smallest subset of data possible and then converting the documents into a format that is easily reviewed by attorneys and pro- duced to the concerned parties. This phase whittles down the number of potential data sources that need to be examined and turned over. All inter- ested parties agree to the keywords and vital statistics that will be used in this procedure, and the results are shared in the next step of the eDiscovery process.Review and Production The review and production phase carries the highest price tag, and is the key to understanding the financial implications of the eDiscovery process. The most important factor of this
  16. 16. 8 Bringing eDiscovery In-House For Dummies cost is the number of documents that your outside counsel needs to review for privilege and relevance. The processing phase may have reduced the number of docu- ments using electronic means, but lawyers will still need to review the documents to make sure they’re actually applica- ble to the request in question. Your lawyers must be very careful in how they tag a docu- ment. For example, if a document or e-mail contains attorney- client privileged communication, and a lawyer inadvertently miscodes this document and produces it, the attorney-client privilege can be waived. Because of this, attorneys can only review a few hundred documents a day. Consider that 1 gigabyte of data represents perhaps 10,000 documents or e-mails, and it might take an attorney a week at least to review those documents. If that attorney is charging $300 per hour for eight hours a day and takes a week, that’s a cost of almost $12,000 per gigabyte for attorneys to review documents. Now imagine your eDiscovery case contains 200 gigabytes slated for attorney review! Now you understand how the costs can rack up so quickly. Now imagine that 75 percent of those documents could have been deleted before the litigation arose if the company had properly implemented a sound record retention policy (think throwing back some of the unnecessary fish mentioned ear- lier) or filtered out by an in-house eDiscovery technology before they got to this expensive step in the process. Details about how this phase can be handled are often the most com- pelling impetus for bringing eDiscovery in house, and are the easiest to demonstrate to other stakeholders in the organization.
  17. 17. Chapter 2 Assembling a Cross- Functional Task ForceIn This Chapter Choosing your team members Getting different departments to work together Splitting the bill effectively B ringing a huge operation like eDiscovery in-house means a lot more work to handle internally. The process goes more smoothly if that work is distributed evenly and every- body involved plays her part. By splitting up this monumental task, eDiscovery can be accomplished more effectively with- out putting too much strain on any one person or department.Putting the Team Together Depending on the size of your business, you could have several different departments with stakes in the eDiscovery process. Each department has its own perspective on the problem and how to solve it. Your legal department may be comfortable with the amount of data you have to retain, but your IT team may be shaking their heads at the amount of storage they’re required to maintain and the scheduled backups they have to administer. Typically, no group has the funding, the skills, or the knowl- edge necessary to solve this problem on its own. That’s why having a cross-functional task force is critical. By working together, each department can help produce an efficient eDiscovery effort.
  18. 18. 10 Bringing eDiscovery In-House For Dummies Above all, this group must have executive sponsorship. Without effective leadership and backing, this group could be dead in the water. A good place to start is your organization’s compliance department or officer. Your company may have a governance risk and compliance (GRC) initiative underway. This is often the best place to start investigating how to obtain executive sponsorship. If your organization has not yet kicked off such a group or initiative, the General Counsel or CFO may be candidates for executive sponsorship. The single largest factor in determining the eventual success or failure of this taskforce is the team makeup — many dynamics need to be understood in choosing the team mem- bers. You want to select team members that can cooperate with each other and effectively balance their departments’ needs and wants with the overall goal of the operation. One ancillary benefit of ensuring a truly cross-functional task force is that the team has many buckets from which to request budget money. If a particular software application achieves goals of two or more departments, those depart- ments may pool their resources and split the bill. There’s nothing like lowering costs to make executives take notice and approve the needed actions. Legal Meet IT, IT Meet Legal Your legal and IT departments are probably the two most important departments involved in this effort to create in- house eDiscovery. Legal has the knowledge of the eDiscovery process and what needs to be done to make all of the relevant information available and applicable. IT has the skill and equipment to accomplish the goals of the eDiscovery process. Despite these complementary skills, though, it’s sometimes hard to get these two departments to work together. Each department has its own mindset and jargon, and each has its own corporate culture. Sometimes, it can seem that these two groups are diametrically opposed. The rift between legal and IT has been narrowing recently, though. Now that the eDiscovery process is much more preva- lent, more source data is available for quantitative analysis of what eDiscovery means and how much it can cost (including the TCO, or total cost of ownership of litigation support software
  19. 19. Chapter 2: Assembling a Cross-Functional Task Force 11applications). More than that, eDiscovery’s higher profilemeans everybody knows about the procedure and why it’sso important.Another driver that brings Legal and IT together is thecommon threat of a 30(b)(6) deposition. This legal ruleenables an adversary to require a corporation to answercertain questions; the corporation must then designateemployees to answer on its behalf. In eDiscovery matters,IT personnel are almost always needed to answer questionsabout e-mail systems, backup processes, and related IT mat-ters. Because the appointed person’s answers are binding onthe company, that person must understand the process —and the lawyers want to understand the answers before thedeposition. Having the right person designated before anycase begins is therefore very important. Plus, under theamended FRCP, a similar process might take place at the“meet and confer” meeting — in the first 120 days after thecase has started!This greater familiarity with eDiscovery bodes well for Legal/ITrelationships, because it provides a common ground withwhich to tackle these issues. In fact, many large organizationshave now put together cooperative departments called LegalIT or another similar name. These departments can reallyexpedite an organization’s ability to deal proactively witheDiscovery and related objectives. A Legal IT departmentcreates a single reporting structure for both technologists andlegal personnel. The team’s members may come from diversebackgrounds, but they’re all working toward a common goal.This creates an atmosphere of teamwork and fosters problem-solving. The group is typically led by a senior professional,known as a Director of eDiscovery. Typically this is an individ-ual who has gone to law school as well as having a back-ground in technology. This person can often speak both“languages.” (For more on communications, see Chapter 3.)Not all companies are large enough to support such anorganizational change, and sometimes such a shift just isn’tpossible. In those instances, task forces are the next bestthing. Pulling together the right people from different depart-ments can go far toward making your eDiscovery efforts suc-cessful. Executive sponsorship can go a long way in fosteringteamwork and unselfishness as well. The right leader can pulltogether these members and make working toward a commongoal a lot easier and more rewarding.
  20. 20. 12 Bringing eDiscovery In-House For Dummies Records Management Records management means a lot more than just organizing papers into boxes and throwing them into a dusty storage bin. Keeping track of every little piece of an organization’s vital information is an important and necessary part of business, and it involves many high-tech solutions. Today’s environ- ment of regulation, compliance, and eDiscovery challenges means that corporate record managers are more important than ever, and they have to be involved in all levels of the eDiscovery process. At the beginning of the eDiscovery explosion, it became clear that proper records management could drastically reduce costs downstream. For example, DuPont conducted a case study for one of its large litigations. In this one example, DuPont reviewed approximately 75 million pages of text at a cost of $24 million. When the case closed, the company per- formed a post-mortem to determine which of those records were past the date they were supposed to be deleted, per the company’s records retention policy. DuPont found that 50 per- cent of the records were retained in violation of its policy. In other words, DuPont spent $12 million paying attorneys to sit in a room and review documents for privilege when those doc- uments could have been legally destroyed had the company’s records retention policy been in full force. Companies usually take notice when your study shows that a multimillion dollar effort could be cut in half. Most companies are frustrated when they investigate how to apply their records retention policy to electronic records, though. Their policies may have been written long ago, when the volume of records paled in comparison to today. Some records retention policies may have thousands of types of records defined. This presents great difficulty when “teach- ing” technology to analyze billions of records — determining which class a record belongs to may be close to impossible. Re-evaluating and updating these policies can be a daunting task. Fortunately, it’s possible to both update and simplify records retention policies. Doing so makes it easier for technology to process the information and humans to review the findings. Because of this, involving a records retention specialist in the task force is very important.
  21. 21. Chapter 2: Assembling a Cross-Functional Task Force 13Human Resources Even though human resources professionals are separate from the Legal or IT departments, their connection to elec- tronic records makes them an integral part of efforts to bring eDiscovery in-house. HR departments typically find them- selves needing to perform internal investigations stemming from complaints of harassment or discrimination, violations of acceptable use of company equipment policies, and other internal matters involving electronic records. They often need to restore e-mail and documents for many employees, sometimes even from those who have long since left the com- pany. They also have to examine records and search for possi- ble violations of corporate policy. This process is not unlike eDiscovery. In fact, when the task force eventually decides what applications to buy for future eDiscovery collections, HR may wish to participate and even contribute some of their budget that is earmarked for investigatory tools.Security Just as their name implies, security is charged with making sure that everything from the actual physical place of busi- ness to all of the materials and data inside that company’s systems are kept safe. Protecting from the loss of trade secrets is a key initiative in most corporate security depart- ments these days. Imagine if a top sales rep leaves a company for a competitor and takes with him a complete pricelist and territory plan that includes details of prospects and customers, complete with contact information. The financial impact is nearly incalculable. Many security organizations are charged with performing “surveillance” on their networks to identify instances of inappropriate storing of such information on shared network drives or desktops. Other security or compliance groups may need to scan for the presence of personal health information, Social Security numbers, or personal credit information on any manner of electronic devices. These critical documents need to be in a true document management system, and not floating free on desktops and fileshares.
  22. 22. 14 Bringing eDiscovery In-House For Dummies Crawling fileshares for data and analyzing and quarantining files based on content is extremely similar to preservation in eDiscovery. Often, the tools that enable the security and eDiscovery personnel to do their jobs are exactly the same. A company can purchase the necessary tools and allow multiple departments to make use of them — sharing costs, expertise, and maybe even personnel. This is another prime opportunity for budget-pooling and collaboration. Lines of Business It didn’t take long for organizations to figure out how to “charge back” eDiscovery costs to the lines of business that own the underlying problems. For example, a product liability case stemming from the poor engineering of a product is relatively easy to correlate with a certain product line within a company. That department might then be held responsible for the additional eDiscovery costs. There are a few ways to work the costs of eDiscovery into business operations: Some organizations simply pay for litigation costs out of their reserves Some file claims with insurance agencies Some charge back the costs to the responsible department(s) If the corporation is going to adopt this approach, then it is critical that the lines of business be represented on the taskforce as they likely will need to make prevention versus treatment decisions based on return on investment (ROI) analysis. In other words, the departments can offer advice on the best way to manage costs involved in eDiscovery and plan for eventual problems in the future. It’s better to plan for these matters now than to get hit down the road.
  23. 23. Chapter 3 Communication: Can’t We All Just Get Along?In This Chapter Eliminating roadblocks to communication Understanding different departments and jobs Standardizing the terminology used in the eDiscovery process E ach type of business has an accepted vocabulary, a collection of terms familiar to those in the business. This vocabulary may not make sense to the outside world, but it helps those people in that business communicate quickly and effectively. Even departments within that business develop their own verbal and written shorthand (ask your techie friends about an id10t code and see what they say). Bringing eDiscovery in-house means getting departments to put aside their own forms of communication and connect with each other effectively. Proper communication is the foundation to acting cross functionally. This chapter discusses several ways to increase the effectiveness of cross-border communications.Skipping the Slang, Junking theJargon, Axing the Acronyms Nothing turns a listener off more quickly than when a speaker uses hard-to-understand language. Imagine a conversation between a lawyer and an IT professional:
  24. 24. 16 Bringing eDiscovery In-House For Dummies Lawyer: Can you capture personal e-mails from our employees if those messages are sent from a company computer? IT professional: The application layer monitors SMTP traffic, but it cannot monitor HTTP traffic. Lawyer: You confuse and frighten me. Even a noted master of obscure terminology like a lawyer has a hard time with this IT talk. You can see that little is being communicated. But what if the IT pro tries another response: Lawyer: Can you capture personal e-mails from our employees if those messages are sent from a company computer? IT professional: We can capture e-mails if they are sent from a program on the computer, such as Outlook Express or Eudora. If they are sent using a Web-based e-mail system like Hotmail or Gmail, then we probably can’t get it. However, we can block our employees from using this type of e-mail account. Lawyer: Thank you. Let’s institute this policy and obtain lunch. This is real progress being made. Similarly, an IT professional’s eyes may glaze over if a lawyer says “Zubulake states we need to keep all data to avoid spoliation, even if we are going to make a 26(b) ‘not reason- ably accessible’ argument.” This is an unacceptable level of legal jargon. The lawyer will gain more friends by instead saying “Judges have fined other companies who didn’t preserve their backup tapes. We may never need to touch them, but we need to keep them.” In this case, the team is off to the right start. The overall message here is that all team members involved in the eDiscovery process need to translate their normal busi- ness language into terms that the average layman can under- stand. If all team members make a conscious effort to explain and clarify their points of view, the process will move more quickly and all the bases will be covered.
  25. 25. Chapter 3: Communication: Can’t We All Just Get Along? 17Spend Some QualityTime Together Relationships are important for the eDiscovery task force, just as in any other group. Each team member needs to trust the other team members and be assured the others aren’t being territorial or selfish. The team must have regular meetings and plan strategies in advance, as opposed to only gathering when a crisis hits and damage needs to be controlled. These meetings should offer everyone a chance to brief the team as to new developments in their areas, both internally as well as in the marketplace at large. Because it’s important for everybody to tend to their normal job responsibilities, you may have to look for time outside the normal work day to hold these gatherings. Consider happy hours and retreats as informal venues that tend to foster personal relationships. The digital age also makes other avenues available for infor- mation sharing. The eDiscovery task force can use its own newsletter, electronic messageboards, or virtual meeting spaces to further its goals. This allows team members to learn at their own pace or at long distances from others, if need be.Legal Can Learn IT’s Lingo Even with team members working on simplifying their termi- nology, there’s no substitute for knowledge. Taking the time to educate the team about other departments and their respon- sibilities can go a long way in managing the implementation of new policies. In addition to learning about the basic tasks and responsibili- ties of the IT department, the legal team members can also improve their understanding of the processes the IT depart- ment uses in its normal daily activities. Several reputable vendors can conduct workshops at your company’s site that enable this kind of education. eDiscovery is both a legal problem and a business process problem. Six Sigma is a very popular business process
  26. 26. 18 Bringing eDiscovery In-House For Dummies improvement methodology embraced by most large organiza- tions and held in high regard in most IT organizations (for more on Six Sigma, see Chapter 7). Learning this content at a high level can help the legal team express itself in terms more easily understood by IT professionals. Take, for example, a conversation between a lawyer and an IT professional regarding a misunderstanding on records retention times. Stating to that IT professional that “We need to have a serious meeting about making sure this never hap- pens again” is likely to elicit a negative or defensive response, causing problems between team members and maybe hinder- ing the implementation of needed policies. If the lawyer tries a different take on the situations and says “This process is a good candidate for a Kaizen,” he will probably elicit a cooperative response. Even if the IT department doesn’t follow the Six Sigma process, it can still be helpful to the lawyers to talk with them about their business process and understand what goes into making decisions and implementing their policies. That kind of understanding can be quite beneficial to all involved. Both printed and digital materials can be helpful in providing definitions for technical terms. Plenty of resources exist, ranging from technical Web sites to the more ubiquitous Wikipedia that can be helpful in clarifying terminology. Making frequent use of these resources can be helpful in making communication easier. IT Can Learn Legal’s Lingo Turnabout is fair play, after all. Having the IT department learn some basic legal terminology and concepts will go a long way toward making communication easier. IT folk may know which drives and tapes need to be retained, but know- ing why they have to be held for so long can be helpful. The first step is learning some of the basics of eDiscovery. Again, this is where print and digital resources can be of great value. A great place to start is The Sedona Conference. The Sedona Conference is a world-renowned organization dedicated to providing guidance on issues related to
  27. 27. Chapter 3: Communication: Can’t We All Just Get Along? 19eDiscovery. Many illuminating whitepapers can be down-loaded for free from their Web site at a small fee, a glossary can be downloaded that containsvirtually all the eDiscovery and even technical terms com-monly used in the process. It is an excellent idea for organiza-tions to purchase this glossary and use it to standardize theirterminology, which will help workers avoid misunderstand-ings. Not only does this help eliminate jargon, but it giveseverybody a common set of terms to use in implementingeDiscovery.It may be helpful for the legal department to put together asmall presentation on the specific legal issues involved witheDiscovery and how they apply to the company at large.Localizing the eDiscovery process to their specific situationcan help them understand the process easily.
  28. 28. 20 Bringing eDiscovery In-House For Dummies
  29. 29. Chapter 4 Taking It In or Leaving It OutsideIn This Chapter Understanding the eDiscovery phases Evaluating the benefits and drawbacks to bringing these phases in-house Making the best decision for your company in terms of cost and integrity A s discussed in Chapter 1, eDiscovery can be broken down into different phases. Your company may have the resources to bring all of those phases in-house, or you may have to pick and choose what your team has the time and resources to handle on its own. You can choose to bring in all decision-making and physical hosting and handling, or you can leave the latter phases to a vendor, consultant, or law firm and oversee what happens to the data. You can bring eDiscovery in-house in many ways, and each phase has its own specific considerations that you must keep in mind when deciding.Making Up Your Mind aboutPreservation and Collection Preservation and collection is the phase of eDiscovery most frequently brought in-house. Because this process involves identifying, locating, collecting, and preserving data that’s already under the control of the IT organization, it’s an obvious candidate.
  30. 30. 22 Bringing eDiscovery In-House For Dummies For example, certain IT personnel access data from e-mail servers almost every day. Having them retrieve some data from those archives is much less costly than having outside consultants or technicians come in and do it. It can be terribly expensive and disruptive to bring in outside consultants if there’s a large store of data like a RAID (redundant array of inexpensive disks) setup. It can also be a problem if the data must then be delivered to another location for further processing (which defeats the internalization of any further eDiscovery processes). However, outside consultants may be ideal in several circumstances, such as those outlined in this list: If the data involved is on a large number of personal computers and not on any centrally located electronic devices If the consultant’s office location helps you to avoid further charges, like travel fees If your targets are not at your company’s headquarters If the nature of the case is so sensitive that having a neutral or quasi-neutral third party may help show a court how seriously you’ve taken the matter More than likely, you will find it to be more efficient to bring the data hosting and collection in-house for this phase. You’ll have to evaluate your own costs and needs, of course, but your data and records are already in your possession. It’s just a matter of making sure they’re stored and filed correctly. Keep in mind that a careful eye should be kept on the preser- vation phase, because it’s an activity you get only one chance to get right. Once a record is lost or deleted, it’s gone. There are no do-overs. This is further complicated by the fact that a large organiza- tion may have dozens of outside counsel and hundreds or thousands of holds to manage. Many have found great relief in the eDiscovery realm by consolidating the list of preferred outside counsel, and utilizing state-of-the-art software applica- tions to manage all the litigation holds. These two steps can drastically decrease the amount of errors or omissions in the preservation and collection phases of eDiscovery.
  31. 31. Chapter 4: Taking It In or Leaving It Outside 23Deciding What to Dowith Processing Processing is another phase of eDiscovery ideal for bringing in-house. It’s a relatively low-risk proposition, because this phase typically uses working copies of data instead of the actual data itself. If there were an error or other problem with the working copies, the data could theoretically be reprocessed. As long as proper care is taken to preserve meta- data, or information about the data (like time and date created or modified and the users who accessed the file), the copies should work in the processing phase. The infrastructure and applications necessary to bring this phase in-house aren’t prohibitively expensive, whereas ven- dors often have fairly expensive fees per-gigabyte in this area. Tasks like de-duplication (where duplicate records from sev- eral different sources are condensed to decrease the amount of data that needs to be reviewed by lawyers), keyword searching, and load file preparation (files used to bring data into several common programs) can now be done in-house for pennies on the dollar. This is a phase where both the decision- making process and the actual data handling should definitely be brought in-house. You retain control of the process and save a great deal of money at the same time. Large volumes of data may require the attention of outside vendors, because such organizations could be the only ones with the resources to handle those mass quantities of infor- mation. Courts aren’t likely to look favorably on delays in their proceeding because you can’t dig through your records in time. Also, if the case is so sensitive that it will require someone to testify as to the steps taken to avoid data loss, it may be advisable to rely on outside experts.Making the Decision onReview and Production Three aspects to the review and production phase require analysis and attention. This section discusses all three.
  32. 32. 24 Bringing eDiscovery In-House For Dummies The review process Many companies have been burned by outside counsel (who weren’t savvy in eDiscovery) demanding that the review be conducted in a costly manner. For example, some companies may have paid millions of dollars to make TIFF images (or even print out reams) of junk e-mails. Others may have had to repeat their document review because co-counsel didn’t share a common review platform (a program or service that contains the data in question and allows it to be examined), or they weren’t able to give access to each other. As you can imagine, the time needed to re-review the data doesn’t come cheaply. These problems explain why it is critical that the review process be designed internally, and that the decisions regard- ing review tools and methodology be made in-house. There is little risk here, other than the dangers of choosing a review platform that slows down the reviewers, doesn’t utilize cutting- edge technology like native file reviews, or that lacks the abil- ity to review the files and their metadata in their original state as opposed to copies made on different media, like paper copies. Hosting data in the review tool Hosting and reviewing data could potentially be very expen- sive if not brought in-house. When loaded into the review tool, your information might carry with it an initial cost of $1,000 per gigabyte for loading and processing, and another $150 per gigabyte per month to sit in the review tool’s repository. This cost is incurred even if your information isn’t being touched. Pricewise, it makes sense to look at bringing this process into your organization. However, doing so isn’t the easiest thing in the world. It’s criti- cal that the IT department can support the application both inside your company and out, because parties outside of your organization will use it. It’s imperative that the application is secure, as you’ll need to manage access to the data. Outside counsel may need to see the information, but nobody else should be able to see your sensitive data. Next, the infrastructure must be able to support a high “uptime” percentage. Speaking plainly, that means that those
  33. 33. Chapter 4: Taking It In or Leaving It Outside 25using the platform have to be able to get access whenever andwherever needed.Disaster recovery and business continuity must be consid-ered as well. Can the IT department guarantee that, in case offire, flood, power surges, or other problems, the data will beavailable? Will they still be able to support their normal tasksat the same time, or will additional help be necessary? Also,who will handle support for users who need help at 3 a.m.(which often happens with large document reviews)?If all of these questions can be answered to your (and yourbudget’s) satisfaction, then licensing review tools internallyand hosting the data yourself will save a great deal of money.It will also allow for repeatable business processes andincrease collaboration between inside counsel, outsidecounsel, and co-counsel.The actual review of documentsYour legal department isn’t likely to have enough lawyersto review documents in large eDiscovery cases. Aside fromexpanding the number of lawyers in your department, youcan’t do much to change this situation.However, owning the review process itself can certainly help.For example, if a corporation has “contract reviewers” hired,your law firm can use them at a lower cost than any associ-ates that might be employed by outside counsel. Contractingthose reviewers ahead of time allows you to maintain a firmergrasp on review costs. Also, having preferred tools andvendor lists that your outside counsel must abide by canbe extremely helpful in several ways. You can: Standardize on a tool, ensuring data can be reused. Optimize your buying power by consolidating all of your projects with one vendor — with pre-negotiated pricing. Choose tools that best lend themselves to your data. For example if you have a lot of CAD drawings, a tool with a native file emulator may save your outside counsel from having to TIFF everything or buy expensive CAD licenses
  34. 34. 26 Bringing eDiscovery In-House For Dummies While owning the process used to review documents is advan- tageous, it is probably not a good idea to actually conduct the review of documents (determining which documents are privileged and responsive). Outside counsel will need to make representations to the court about assertions of privilege and so forth, so it might be best leave to leave this to them. You may consider mandating your outside counsel to use contract reviewers if this is an option.
  35. 35. Chapter 5Selling the Vision InternallyIn This Chapter Using real-life examples to show the seriousness of eDiscovery Illustrating the savings of bringing eDiscovery in-house A fter you have a plan in place to bring eDiscovery phases inside your company’s operations, you probably have to sell somebody else on that plan to get it done. Unless, of course, you own your business, in which case we commend you for your foresight. If that’s not the situation, this chapter offers some strategic options for you.Using Scare Tactics Unfortunately, many employees throughout large organiza- tions don’t understand how serious issues like eDiscovery and records retention really are. Thus, they may wish to put these projects a little farther down on the priority list. It’s your job to push them a little higher, and that may involve scaring a few folks. There’s nothing like a good cautionary tale to make corporate executives realize that they don’t want to be like the last company to fall into problems. Letting your higher-ups know about these mistakes and missteps can go a long way in fur- thering your cause. You don’t have to look far for examples you can use. Think of maintaining a business justification document that bolsters your case, circulating a regular newsletter, or a “hall of shame” exhibit of eDiscovery or compliance snafus. Make sure it circulates widely through the organization, especially
  36. 36. 28 Bringing eDiscovery In-House For Dummies among the executives you’re targeting. Make sure to keep your organization up to speed on the pitfalls in this arena so leaders can make informed decisions regarding prioritization, sponsorship, funding, and the proper focus on eDiscovery issues. You may also want to take the time to tailor some of your doc- uments to specific departments. Electronic storage stories may be more effective for the IT department, whereas exam- ples of outrageous costs or prolonged legal issues may be more in tune for legal and executive personnel. Know your audience, and you’ll get better results. Pooling Resources: ROI Return on investment, or ROI, is a business planning tool that aids in decision support. Essentially, two alternatives are considered in a decision-making instance: The status quo Investing in an alternative product or service A product might require a $20 investment, but that investment will save $40 in other costs that were previously unavoidable. The ROI in this case is compelling and the product should be purchased. A little money up front can save more money down the road. Point out that bringing certain phases of eDiscovery inside the business will equal savings down the road. In today’s business climate, eDiscovery costs are unavoidable. Suppose that IT could implement a new procedure, using a program purchased by the company, that more effectively retained e-mail records and de-duplicated messages, making it easier to review and produce eDiscovery information. That software purchase and extra IT labor may cost a little bit more initially, but it will reduce the potential costs of hiring addi- tional associates or lawyers down the road. If that program could effectively reduce e-mail volume by 50 percent, the ROI can be calculated by determining the cost savings in attorney review fees for that data.
  37. 37. Chapter 5: Selling the Vision Internally 29It also means you won’t have to hire an outside vendor tomanage the process for you.Another factor to consider in your ROI calculations is time.How long will it take to obtain this return on investment? Ifthe software package produces the savings over 20 years, itmight be less compelling than an alternative that deliverssavings over the span of a few months. You’ll have to balancenot only the money returned, but also the time it takes to getthat return.
  38. 38. 30 Bringing eDiscovery In-House For Dummies
  39. 39. Chapter 6Building an Implementation PlanIn This Chapter Getting your plan together Selling your plan to the executives Evaluating and changing the plan down the road A ny way you put it, eDiscovery can be a difficult issue to understand. It is critical that this very complex subject be expressed in a way so that executives (likely the ultimate decision makers for large investments) can quickly and easily understand the cost-versus-benefit analysis. You should also be ready to show how and when the plan will be imple- mented and how you will be involved. Finally, you want to be able to demonstrate how this plan can be reviewed and changed as need be down the road.Starting from Square One Before you can present the plan, you have to actually get the plan together. Remember, this plan should include: An outline of the benefits achieved by implementing the plan The personnel involved The new programs or services needed The timeline for the implementation The goals involved in that implementation The final cost of the program
  40. 40. 32 Bringing eDiscovery In-House For Dummies Make sure that you’ve got all of the elements of your plan together, and include any contingencies that may occur. Planning ahead at this stage means you’ve avoided a lot of problems down the road. Project Management Other than the makeup of the team, the next most important factor in ensuring the success of this project is solid project management. This project will have many moving parts, and it will require input from many concerned parties. Given the importance of eDiscovery, be aware that you’re handling a high-stakes project. Consider involving a certified PMP Project Manager from your IT organization. This person will be familiar with the use of Gantt charts, Visio workflow documents, and other tools that will keep the team and the executives updated as to the status of the project. This person has the abilities necessary to maintain oversight over the project and keep everything on track. Think of her as the trail boss for your cattle drive. Establishing a Timeline When you’re making a change of this magnitude, you need to be able to keep things on track. You also need to let every- body know how long this change will take so that reasonable expectations can be met and the team members can see the light at the end of the tunnel. Make sure you establish how much time you’re going to need, and build in a little additional time for the inevitable overages and pitfalls that come along in life. It’ll be great if you’re finished ahead of schedule, but you don’t want to be caught unprepared. Remember, that’s part of what you’re trying to avoid with this plan in the first place.
  41. 41. Chapter 6: Building an Implementation Plan 33Setting Milestones for Your Plan You may know the end result that you want your plan to achieve, but you also need to know what steps along the way make that result possible, and in what order those steps need to happen. Milestones will help you recognize what’s going on with your plan at a certain time, and what still needs to be done to keep things on track. For example, suppose your overall goal is to bring data collection and review in-house. You’ll want to know when these steps will occur: Funds are available for purchase of new software and hardware. Team members are chosen and in place for your taskforce. IT staff is trained on new equipment. Legal has reviewed and signed off on the plan. Software and hardware are installed and functional. System has been tested and approved by IT. Data is ready for recovery and use by all interested parties. Establish a date for each milestone, and you’ll be able to keep your plan on track (or see when it’s behind schedule and act to get everything going again).Paying for Your Plan Part of ROI (return on investment) is making sure the initial investment gets made. Your plan should include a complete cost breakdown, including software, hardware, salaries, consulting fees, and any other expense that might be included
  42. 42. 34 Bringing eDiscovery In-House For Dummies in implementing your plan (your Starbucks habit should not be included here). Make sure your budget includes some headroom for expenses that will arise if you have to deal with unscheduled problems. Training the Staff Both your taskforce and any other personnel involved will be taking on new tasks and responsibilities. Make sure they have the tools and training they need to execute any new duties that result from your plan. Remember — eDiscovery is a new and rapidly changing field for most employees, especially if they’ve never had to worry about it before. By making training available, you’re preparing your company for a smooth transition. Before visions of costly classrooms fill your head, remember that the same digital technology that makes eDiscovery more manageable also makes educating your employees about it easier and more cost-effective. Research the available resources online and look at distance learning and in-house training sessions that keep your employees on-site and learning. Review and Evaluation After the plan is underway, you’ll want to hold regular meetings and receive status reports on how the implementation is going. This is where having a project manager is especially important. That person will be able to keep her focus on the plan and maintain oversight over the entire scope of the project. Based on your milestones and goals, you’ll be able to see what’s going on and what needs to be changed. Keep the focus on the overall goal and make the changes necessary to implement your final plan.
  43. 43. Chapter 7 Working with a Quality PolicyIn This Chapter Looking at Six Sigma Examining in-house quality policies A quality policy isn’t a policy that’s “real good.” A quality policy is an organization-wide policy that dictates how your organization will plan, manage, and then control quality in all projects. This policy sets the expectations for your projects, and everyone else’s, for metrics of acceptability. Quality policies fall under the big umbrella of quality assur- ance (QA). QA is an organization-wide program, the goal of which is to improve quality and to prevent mistakes. Those goals integrate well with the goals of eDiscovery, where quality assurance is more important than ever, so it’s a natural fit that these two programs coincide. The quality policy can be written by the geniuses within your organization, or your organization may follow a quality system and the proven quality approaches within these systems. Either way, you’ll have a framework in place to help you implement the changes you need in your business, whether they relate to eDiscovery or not.Slipping into the Sixth Sigma Unless you’ve been living in a cave the past few years, you’ve no doubt heard of Six Sigma. Six Sigma is a procedure that strives to reduce waste and errors, and constantly improve
  44. 44. 36 Bringing eDiscovery In-House For Dummies quality through the services and deliverables an organization produces. People trust the trial-and-error process. They try something, learn from their mistakes, and move on from there. Six Sigma, however, focuses on preventing the mistakes from entering the process in the first place; this is quality assurance. Prevent- ing problems is critical in eDiscovery, because once a mistake happens, it might be too late! The Six Sigma program was invented by the smart folks at Motorola during the 1980s. Their creation paid off with an increase in profits, customer satisfaction, and quality awards. Their program went on to be adapted as a standard for quality assurance by the American Society of Quality (ASQ). Visit ASQ at Motorola also received the Malcolm Baldrige National Quality Award in 1988 for their Six Sigma methodology. Figure 7-1 shows the range of possibilities for sigma. According to ASQ, most organizations perform at three to four sigma, where they drop anywhere between 20 and 30 percent of their revenue due to a lack of quality. If a company can perform at Six Sigma, it only allows 3.4 defects per million opportunities — which might mean per million documents reviewed. The primary points of Six Sigma are We don’t know what we don’t know. Makes sense, right? A lack of knowledge keeps organizations trapped in their current environment, losing revenue, and preventing progress. We don’t do what we don’t know. If you don’t know what you should be doing you can’t do it. We won’t know until we measure. Aha! The real action in Six Sigma is to measure in order to improve. We don’t measure what we don’t value. Six Sigma looks at what does and does not need to be measured, and then prompts the developer or project manager to act accordingly. If you value your programmers’ time, your software’s errors, and your customer satisfaction, you’ll measure them all. We don’t value what we don’t measure. This is a call to action! What should you be measuring that you’re not?
  45. 45. Chapter 7: Working with a Quality Policy 37 One Sigma from Mean Mean Relative frequency Six Sigma from Mean -3 -2 -1 0 1 2 3 Sigma from Mean Figure 7-1: Organizations operating at the Sixth Sigma allow only 3.4 defects per million.Using Homegrown, In-HouseQuality Solutions You don’t have to follow any prepackaged approach to quality in order to create quality. Your organization may have its own internal quality program that you and your project team must follow. And that’s just fine. Sometimes in-house programs are more fluid than the rigid programs from outside organizations. The danger, of course, is that a fluid approach may also be seen as a passive approach. The project manager must commit to the in-house quality policy and demand that the project team do the same. Any and all in-house solutions should have the following attributes: A written document that details the organization’s quality management approach. Verbal policies don’t count.
  46. 46. 38 Bringing eDiscovery In-House For Dummies A defined system to identify quality, and identified procedures for performing a quality audit. A quality audit proves that a project has followed the quality policy. Metrics and procedures on how to perform quality control (QC). QC is inspection driven, and the proce- dures may vary among disciplines within an organization. A boilerplate quality management plan that all projects use to guide project planning, execution, and comple- tion. The quality management plan sets the rules of how a project should perform and defines the expectations of the project manager to achieve the expected quality. Procedures on how to update, change, or challenge the quality management plan. This is an important component because there will likely be circumstances that require the quality plan to flex, change, or evolve. If the quality management plan doesn’t define this procedure, then you may fall victim to the old adage: The reason we’re doing it this way is because we’ve always done it this way.
  47. 47. Notes
  48. 48. Notes
  49. 49. When information comes together, your infrastructure is litigation-ready.Before a subpoena hits, build efficient, proactive, and repeatable business processes foreDiscovery and practical records and information management. With EMC® technologyand solutions, you’ll move your organization to secure, enterprise-class, policy-basedinformation management, de-duplication, forensically sound search, collection andpreservation, and assured deletion. The result: Costs and risk go down, responsivenessgoes up.Visit for a practical approach to addressing eDiscoverychallenges.
  50. 50. Re-examine eDiscoveryFocus on bringing eDiscovery in-house with an EMCworkshop or assessment.EMC® Information Policy Management Workshops and the EMC Assessment for Reten-tion and eDiscovery strategically position your organization to meet your legal obliga-tions. We apply experience, expertise, and best practices from countless engagementsto your specific needs so you can be confident you’re focused on the right solutions.For more information, visit
  51. 51. Analyze the needs of your business Understand the eDiscovery phases Decide what pieces Calculate the savingsof the process to and costs of bringing eDiscovery in-house bring in-house Grasp the scopeThis book helps you analyze the issues surrounding of the informationin-house eDiscovery, so that you can determine what involved in eDiscoveryis right for your organization. You’ll see what processescan effectively be brought into your operation, and what Choose your teamchallenges you’ll face in implementing those changes. membersYou need to understand as much as you can before youstart making decisions! Get different departments to work together and eliminate roadblocks to communication ain English Explanations in pl ” formation “Get in, get out in Find listings of all our books vigational aids Icons and other na Choose from many Top ten lists different subject categories and fun A dash of humor Sign up for eTips at etips.dummies.comISBN: 978-0-470-34439-2Book not for resale