This document discusses information security risks in the eDiscovery process and best practices for managing them. It identifies common risks like hand-offs of data between parties and a lack of access controls. A process-driven approach is recommended, with defined roles and responsibilities across organizations. Hallmarks include addressing security in project plans, encryption of data in transit and deliverables, access control, and auditing compliance. The document provides examples of protective order terms addressing various data types and controls. It also discusses certifications and evaluating partners' security practices.