Legal hold considerations for IT involve preserving electronically stored information (ESI) related to custodians placed on legal hold. Key areas for IT to address include: establishing notification procedures when a legal hold is initiated, maintaining an accurate list of custodians and matters, securely storing collected assets in an auditable manner, ensuring email preservation, training help desk and support staff on legal hold processes, and properly disposing of or reusing media from terminated custodians. The goal is to partner with legal to understand their needs while implementing controls to reliably preserve relevant ESI during litigation.
Managing Electronic Records Within A Federal Government Workplace (guest9269676)
Ken Matthews, an ERM Program Manager at USAID, discusses challenges with managing electronic records and provides guidance. Some key challenges include the massive and growing volumes of electronic records, issues with authenticity and integrity over time, and difficulties with search, retrieval and findability. Matthews outlines topics to consider like identifying records across different media, essential factors for management, and functional requirements for an electronic records solution. He also discusses records lifecycles, legal obligations around electronic discovery, and the role of organizations like NARA in providing guidance and long-term preservation of federal records.
2.5 safety and security of data in ict systems 13 12-11 (mrmwood)
The document discusses various threats to the safety and security of data in ICT systems, including internal threats like disgruntled employees and external threats such as hackers. It also covers different types of threats like viruses, trojan horses, and logic bombs, and methods that can be used to protect against these threats, such as firewalls, virus protection software, and restricting access privileges. The document stresses the importance of security policies, procedures, monitoring, and training employees to help prevent security breaches.
The document discusses various topics related to asset management and data security in an IT environment. It covers:
- The importance of having policies for classifying, retaining, and destroying assets like data, hardware, software and documentation.
- Defining roles for data owners, custodians, system owners and administrators.
- Methods for securely storing, transmitting and destroying sensitive data.
- Vulnerabilities that can affect web-based systems and ways to assess security risks through scanning and testing.
Technological safeguards, physical access restrictions, firewalls, encryption, virus monitoring and prevention, audit-control software, and secure data centers are commonly used methods to safeguard information systems. Organizations should also implement human safeguards like ethics, laws, computer forensics, and effective management. Developing a comprehensive information security plan that includes risk analysis, policies and procedures, disaster planning, and responding to security breaches is important for organizations to protect their information systems.
Technological safeguards, physical access restrictions, firewalls, encryption, virus monitoring and prevention, audit-control software, and secure data centers are commonly used methods to safeguard information systems. Organizations should also implement human safeguards like ethics, laws, and effective management. Developing a comprehensive information security plan that includes risk analysis, policies and procedures, disaster planning, and responding to security breaches is key to protecting information systems.
This document discusses best practice standards for electronic record keeping. It notes that organizations typically have high volumes of electronic messages and documents stored in disorganized ways. This can lead to risks like unauthorized access, loss of data, inability to find records, and non-compliance. The document recommends following standards like AS 4390 and ISO 15489 to properly classify, index, track, appraise, and dispose of records in all formats. Implementing electronic record keeping systems requires identifying requirements, assessing current systems, designing controls, training staff, and ongoing review and improvement.
An effective records management program has several important business benefits:
1. It controls the creation and growth of records by limiting unnecessary documents and establishing retention schedules to destroy obsolete records. This stabilizes record growth over time.
2. It reduces operating costs by allowing inactive records to be stored off-site more cheaply and freeing up office space. For a typical 30-person office, cost savings could be $7,000 annually.
3. It improves efficiency and productivity by enhancing information retrieval through well-designed filing systems and indexes, allowing staff to access needed information more quickly.
There are six commonly used technological methods to safeguard information systems: physical access restrictions, biometrics, virtual private networks, firewalls, encryption, and virus monitoring and prevention. Organizations also implement human safeguards like ethics, laws, computer forensics, and developing and following an information security plan that includes risk analysis, security policies and procedures, disaster recovery planning, and continuous management of security issues.
The document summarizes an electronic records management class which covered:
1) Responsibilities and challenges of managing electronic records including storage, formats, and ensuring access over time.
2) Storage media and database concerns like capacity, recovery, and security.
3) Reformatting records digitally and quality control standards.
4) Metadata and its importance for records.
5) Strategies for email management including determining records, organization, and archiving.
6) Enterprise content management systems and their use by Virginia agencies.
The document provides information about the Certified Information Systems Security Professional (CISSP) certification. It discusses how the CISSP certification demonstrates that individuals have the necessary skills and experience to build and manage security for organizations. It also outlines the requirements to obtain the CISSP certification, including having 5 years of relevant work experience in 2 or more security domains or 4 years with a degree, passing the exam, completing the endorsement process, and maintaining the certification through ongoing training requirements.
Electronic Records Management An Overview (Ken Matthews)
The document provides an overview of electronic recordkeeping (ERK) in the government. It defines key terms, describes objectives and critical success factors for ERK projects. It reviews legal requirements and business benefits, and introduces planning checklists for records managers and IT staff considering an ERK project.
Electronic records management (ERM) evolved from the need to more efficiently store and retrieve organizational records. As organizations generated increasing volumes of information, traditional paper-based records storage became inefficient. ERM systems digitized records management to reduce storage and retrieval costs. Early ERM systems lacked standards and interoperability between vendors. Regulatory bodies later established guidelines to promote consistent ERM practices, especially in the public sector. Document management systems expanded to incorporate electronic records management features to better serve organizations' information governance needs.
This presentation provides you with an overview of Electronic Records Management (ERM). The slides are from the AIIM ERM Certificate Program covering technologies and global best practices for managing electronic records.
Classify information and supporting assets (e.g., sensitivity, criticality), Determine and maintain ownership (e.g., data owners, system owners, business/mission owners), Protect privacy, Ensure appropriate retention (e.g., media, hardware, personnel), Determine data security controls (e.g., data at rest, data in transit), Establish handling requirements (markings, labels, storage, destruction of sensitive information)
The document discusses implementing an effective records management system using SharePoint. It emphasizes business alignment by understanding how end-users work and adapting the system to their needs. The implementation involves creating a file plan, records libraries, content types, and routing rules to automatically route documents to an archive site as records. User adoption is key to success by designing an intuitive solution that streamlines work processes.
Understanding records management print and electronic (Fe Angela Verzosa)
Lecture presented by Fe Angela M. Verzosa at the Seminar Workshop sponsored by De La Salle University-Dasmarinas, on 4 December 2014 at Luis Aguado Viewing Room, Aklatang Emilio Aguinaldo, DLSU-Dasmarinas, Cavite
Enterprise content management systems and electronic document records management systems are used to capture, manage, store, preserve, and deliver electronic content across an organization. They involve both technology and processes to organize electronic documents, emails, databases, cloud content and other unstructured data according to an organization's information lifecycle and business processes. Examples are provided of how different types of organizations like a flower shop, insurance company, government department, and electric company can benefit from electronic records management systems.
This document discusses key concepts around classifying and protecting organizational assets and data. It covers common data labeling schemes used by governments and private organizations, as well as controls for determining user access to classified information including clearances, need-to-know, and formal access approval. The document also outlines different media types that store data and appropriate methods for cleaning or destroying storage media to prevent data remanence.
The document discusses the records and information management (RIM) environment. It covers topics such as electronic business activities like e-commerce, electronic fund transfers, and data interchange. It also discusses information governance, records program management guidelines, electronic records management tools, common records system problems, legal considerations for records management, careers in records management, and professional organizations in the field. The overall document provides an overview of the key elements in the RIM environment.
The document discusses information life cycle and asset security. It covers the following key points:
1. Information goes through a 4-phase life cycle of acquisition, use, archival, and disposal. Controls are needed at each phase to protect the information.
2. Data classification and categorization help determine the appropriate security controls for different types of sensitive data based on their value, sensitivity, and criticality.
3. Roles such as data owner, data custodian, and system owner are defined along with their responsibilities to ensure proper management and protection of data throughout its life cycle.
Electronic records require careful file management throughout their lifecycle. When records are created, they must be classified and organized into meaningful folder structures with descriptive file names. Classification systems like taxonomies and file plans are used to categorize records and assign unique identifiers. Records move through various stages of use, distribution, retention, storage, and eventual disposition. Backups protect records from loss or damage. Databases provide efficient search and retrieval of organized electronic data. Proper management of electronic records from creation to final disposition is important.
This document provides guidance on records management for the TRICARE Management Activity (TMA). It discusses what constitutes a TMA record, the records lifecycle, impacts of record freezes, and when records can be destroyed. It emphasizes the importance of properly managing both paper and electronic records in accordance with relevant laws and regulations to avoid legal and organizational issues.
How-to: 18 Ways to Secure Your Electronic Documents (BMDS3416)
Are your organization’s #document #management #security inefficiencies leaving you open to legal and economic repercussions? Compliance with mandates such as the Privacy Act, Freedom of Information Act, #HIPAA and the #Sedona #Principles for e-discovery and disclosure is causing ongoing concern within government agencies and corporations…and increased need for solid document security. But how can you keep these electronic files secure during the entire chain of custody? Here are 18 security suggestions.
This document discusses best practices for file and records management. It notes that many professionals waste significant time each day and year searching for documents. Proper paper and digital filing systems can help avoid this loss of time. The document provides tips for implementing effective paper and digital filing structures and procedures, including topics like file closing, retention, and destruction. Special concerns around client requests for files are also addressed. The overall goal highlighted is implementing sound office procedures enforced through technology with trained staff.
This document discusses the importance of record keeping for small businesses. It identifies key records that should be kept, such as financial records, customer records, contracts, and tax records. It also reviews different record keeping tools that can be used, including paper filing systems, computer software, cloud computing, spreadsheets, and accounting programs. The document emphasizes that proper record keeping is important for business operations, planning, legal compliance, and tax purposes. It also provides tips on evaluating software needs and accessing training resources.
CISSP Prep: Ch 1: Security Governance Through Principles and Policies (Sam Bowne)
These are slides from a college course. For more info see https://samsclass.info/125/125_S16.shtml
This chapter is from an awful (ISC)2 book I abandoned. All further chapters use a much better textbook.
Ryan Ali is seeking a job that utilizes his diverse work experience. He has over 12 years of experience in shipping and receiving and has held roles such as Operations Supervisor and Lead Hand. He is proficient in forklift operation, Microsoft Office, and SAP. Ali has obtained several certifications in areas such as forklift instruction, customer service, and health and safety.
This document describes statistical packages applied to administrative processes. Statistical packages are computer programs designed specifically to solve statistical problems and perform statistical calculations. Some of the most popular statistical packages are R, SPSS and Microsoft Excel. Each has different features and uses for data analysis. The document also includes an example of how statistical packages can be used to analyze a base
This document discusses the difficulty of classifying works of art within strict categories such as abstraction or figuration. It notes that the work of Luis Caballero escapes precise classification and that trying to define art in precise terms can limit its understanding and enjoyment. It also summarizes a video of Luis Caballero in which he explains that he focuses on the human body as a source of inspiration and that he paints out of passion rather than as work.
The document discusses the concept and importance of biotechnology, and applications in diagnostics, therapies and other areas such as monoclonal antibodies, tissue engineering and bioinformatics. It also addresses applications in medicine, agriculture and the environment, as well as ethical issues such as biopiracy and cloning.
The document summarizes a class lesson on energy sources. The students learned about writing rules and had a discussion about different types of energy sources, including renewable energy. As homework, the students were asked to write a paper answering questions about energy sources and their uses and opinions on electric vehicles.
This document contains two summaries of 4th-grade English classes. The first class covered the months and days of the year, and the homework was to write them in English with drawings. The second class dealt with the seasons of the year, and the homework was to write them in English with drawings. Both classes discussed future topics such as clothing, adjectives, and paragraph construction.
The document discusses best practices for asset management and data security. Some key points include:
- The importance of having clear data ownership, classification, retention, and disposal policies.
- Different roles in asset management like data owners, custodians, administrators.
- Guidelines for securely handling data throughout its lifecycle including storage, transport, use, and disposal.
- Recommendations for securely classifying, marking, and labeling sensitive data and assets.
This document discusses the risks of electronically stored information (ESI) and provides steps for risk managers to gain control of ESI. It notes that 93% of information is now digital and courts are imposing sanctions for ESI spoliation. It then outlines challenges of ESI including volume, proliferation of document types, inadequate retention policies, and inefficient storage. Finally, it recommends that risk management take ownership of developing an ESI strategy and policies to address preservation, retention, and production of ESI.
The document discusses asset management policies and procedures for managing an organization's hardware, software, data, and other assets. It covers establishing ownership and classifications for assets, roles and responsibilities for data owners, custodians, and administrators, implementing retention and disposal policies, and ensuring compliance with privacy and security regulations.
CERN 5 Things you should know about Data ProtectionEUDAT
The document provides an overview of key aspects of data protection that organizations should be aware of:
1) Personal data belongs to individuals and must be processed fairly and for specific purposes, with transparency about how and why data is used.
2) Inappropriately handling personal data without consent or legitimate basis is illegal. Organizations must implement training, policies, and accountability measures to ensure compliant internal data practices.
3) Personal data cannot be freely shared without appropriate safeguards like contracts, as the controller remains responsible for privacy protections. International transfers require ensuring an adequate level of protection.
4) Organizations have an obligation to appropriately secure personal data and respect individuals' rights to their data, such as access,
Explain the IAR document and how it should be filled__YASHODA Hospital.pptxUndersam
The document provides guidance on filling out an Information Asset Register. It defines an information asset as any repository where data is stored or processed, whether physical or virtual. An Information Asset Register is a log of an organization's information assets and should include details such as the asset name, location, owner, and security classification. The document outlines how to identify assets, decide which to include in the register, and how regularly to review and update the register. It also provides definitions for key terms related to information asset management policies and how such a policy maps to the ISO 27001 standard.
This document discusses key aspects of developing an effective electronically stored information (ESI) preservation program. It defines key terms like preservation, collection, and production. It emphasizes having documented policies, trained staff, and automated processes to properly manage litigation holds and ESI. It also outlines common challenges like cost pitfalls and how to work with IT departments. Finally, it provides benchmarks for typical eDiscovery costs.
Implementing Asset Management System with ISO 55001PECB
Over the past several years, the asset management industry has fundamentally changed shape, it is critically more important than ever before. ISO 55000 defines Asset management as the "coordinated activity of an organization to realize value from assets". In turn, Assets are defined as follows: "An asset is an item, thing or entity that has potential or actual value to an organization". This webinar explores ISO 55001 and Asset Lifecycle Management. Moreover, the webinars gives a brief introduction of the six elements into which ISO 55001 divides asset management system.
Main points covered:
• Explore ISO 55001
• Asset Lifecycle Management
• Explore the concept behind information Assets
• Who is an Asset Manager and what the responsibilities of an Asset Manager are
Presenter:
Orlando Olumide Odejide is a PECB Certified Trainer. He is an experienced Enterprise Architect and Programme Director working on various technology solutions for client in the Financial Services, Manufacturing and Public Sectors.
Link of the recorded session published on YouTube: https://youtu.be/hYaNNwQK1Ns
Attorneys need to be aware of increasing amounts of electronic data and rising spoliation sanctions. They should implement document retention and legal hold policies to preserve relevant information for litigation. These policies should cover social media, emails, texts and other electronically stored information. They also need processes to identify trigger events requiring preservation, implement litigation holds, and collect electronic data while meeting discovery obligations. Failure to properly preserve electronic evidence can result in spoliation findings and sanctions against the responsible party.
This document discusses IT best practices for law firms related to compliance. It begins with an introduction to a panel discussion on benchmarking firms' IT practices against compliance standards. The document then covers topics like data retention policies, IT management perspectives, the role of IT professionals, and unique compliance policies for different businesses. Key recommendations include automating security measures, reviewing logs daily, maintaining technology, and including IT in management meetings. The panel discussions provide examples of best practices around password security, employee monitoring, vendor management, and security checks. Overall, the document stresses the importance of IT compliance and managing related costs.
An IT audit evaluates an organization's IT systems, management, operations, and related processes. It ensures that IT controls are adequate, systems provide reliable information, and data/systems are properly protected from unauthorized access. An IT audit typically establishes objectives and scope, develops an audit plan, evaluates controls through tests and analysis, and reports findings. It provides assurance that IT systems are reliable, secure, and achieving their intended benefits for the organization.
records management workshop updated 20141112.pptxErmiyas33
The document provides guidance on effectively managing records at a university. It emphasizes organizing records according to business processes and activities to ensure legislative compliance, efficiency, and accessibility. Retention periods are linked to business processes and records with the same retention periods are grouped together for easy disposition. The document stresses saving records in shared network drives and folders rather than personal drives so others can access important information.
The Insider Threat Center conducts research on insider cyber threats and develops socio-technical solutions to address these threats. It has collaborated with the U.S. Secret Service since 2002 to identify, assess, and manage potential insider threats. The Center also conducts confidential vulnerability assessments for organizations to evaluate their exposure to insider threats and provides recommendations to mitigate risks.
The document provides an overview and agenda for a data protection training session. It discusses why data protection is important, key terms and principles of the Data Protection Act 1998 and Privacy and Electronic Communications Regulation 2003. It offers practical tips for marketers on obtaining consent, permissions management, sourcing data, and regaining lost permissions. The session aims to help participants understand data protection law and their responsibilities to comply.
The document provides an agenda and overview for a data protection training seminar. It discusses why data protection is important, key terms and principles of the Data Protection Act 1998 and Privacy and Electronic Communications Regulation 2003. These include the definition of personal data, the rights of individuals, and security requirements. It also offers practical tips for marketers regarding obtaining consent, using data, and regaining lost permissions. The seminar aims to help participants understand UK data protection law and its implications for their marketing activities.
The document outlines 10 things to expect from IT, including monitoring systems, management tools, service level agreements, reporting on system health, user issues, and future budgets. It recommends evaluating IT using the Gartner maturity model and notes that a combination of people, processes, and tools are needed to transition IT from reactive to proactive. Auditing, documentation, training, asset tracking, and change management are also important aspects of a well-run IT department.
An IT audit evaluates an organization's IT systems, management, operations, and related controls. IT audits are important to ensure systems are reliable, secure, and properly managed. They help reduce risks like data tampering, loss, and service disruptions. An IT control is a procedure or policy that provides reasonable assurance that IT operates as intended, data is reliable, and the organization complies with laws and regulations. Controls can be general IT controls or application controls.
This document discusses various IT security, compliance, legal risk, and disaster preparedness topics. It begins by outlining the basics of an IT security lifecycle including inventorying assets, identifying risks, remediating risks, and monitoring alerts. It then discusses threats like cybercrime, phishing, and issues related to e-discovery, PCI compliance, and HIPAA compliance. The document provides recommendations for legal risk mitigation, disaster preparation, cyber incident handling, and options for addressing IT security needs either through do-it-yourself methods, outside help, or hiring a support organization.
What Are you Waiting For? Remediate your File Shares and Govern your Informat...Everteam
Organizations have large amounts of digital content scattered across file shares and other locations. This "dark content" is often not governed and contains valuable, obsolete, and duplicated information. File analysis software can help identify this dark content, determine the appropriate actions for different content types, and execute those actions to remediate file shares. This improves governance, reduces costs and risks, and extracts more value from organizational information assets.
Similar to What IT Needs to Consider for Legal Hold (20)
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What IT Needs to Consider for Legal Hold
1. What IT Needs to Consider for Legal Hold
What Auditors Should Look For
David Maxwell
David@DavidDMaxwell.com
2. Legal Hold Considerations for IT
• This presentation is based on my experiences in dealing with IT Legal Holds and Legal Matters.
• This does not reflect any advice from my current employer. These are my opinions.
• Review the considerations with your Legal team for agreement.
• I am not an attorney.
3. Legal Hold Considerations for IT - Why
• The FRCP was updated in 2006 to include "electronically stored information", commonly referred to as ESI.
• Legal matters are one of the largest unknown expenses to a business. However, there are few controls to ensure data is preserved for legal matters.
• What IT needs to know about Legal:
– Legal does not know IT
– Legal often works in silos and is not always interested in the other matters of the legal department
– IT must work to understand what Legal needs
– Legal advises they need everything relevant
5. Legal Hold Considerations for IT - Data
• Two types of data: Structured and Unstructured.
– Structured: Systems such as ERP and CRM. Structured systems usually have databases and a defined information structure.
– Unstructured: User systems (laptops, desktops), user file shares, department file shares
– This presentation is related to unstructured data.
• Key considerations for preserved data: data and metadata, especially dates (creation, modified, last accessed)
• Recommend discussing with Legal to ensure they understand that IT cannot control the actions of a user on legal hold. If the user decides to purge data, IT cannot ensure that their data is preserved. This applies to data users have control over, such as local computers, file shares and devices. The custodians on hold are expected to apply due diligence to ensure data is preserved.
• My approach: Preserve data associated with custodians as a whole and do not try to cull or search data. That is a separate process and should be left to eDiscovery professionals and their tools to analyze and testify how it was found.
• Collection approach: Active data vs Forensic data
6. Legal Hold Considerations for IT - Notification
• Legal hold notification to CIO, Directors or VPs of IT.
– Legal usually has one process of legal notification and that is a legal hold. However, many of those notified should not be put on hold but need awareness.
– CIO sends email to key staff stating we have a legal hold with these people. Staff really do not know what to do. I recommend identifying a coordinator role, a legal IT liaison: a coordinator to ensure custodian lists and procedures are maintained and data is being preserved.
• Recommendation: Establish a CIO-owned mail group (better if Legal-owned) that contains all "need to know" IT people for a new legal hold. Have Legal send the notification to the mail group. It may be best if other departments (such as HR) have this as well.
• The rest of the presentation will provide areas of consideration for IT to ensure preservation of data.
• Control: IT shall define a process for notification of a legal hold to key IT personnel.
• Risk: Preservation may not occur if notification does not happen.
7. Legal Hold Considerations for IT – Custodian List
• Create a list of custodians (people) on hold.
IT really needs two lists.
– List one to use in IT processes to identify custodians
– List two to manage overall custodians and matters
• Do not use any PII data, like SSN#
• List 1: First Name, Last name, employee number
• List 2: First Name, Last name, employee number, date placed on hold, date removed from hold, termination date, matter 1, matter 2
It may be possible for Legal to maintain the lists; however, with the silo structure of most legal groups they may not be centralized.
• Control: IT shall create and maintain a readily available list of active custodians for legal matters. Periodic reviews shall occur with Legal to ensure accuracy of the list.
• Risk: IT does not identify users that need to have their data preserved for legal holds.
8. Legal Hold Considerations for IT – Custodian List
• List 1
First Name | Last Name | Employee #
David | Maxwell | 123456
• List 2
First | Last | EMP # | Date On | Date Off | Term Date | #2014-12 | Matter 2 | Matter 3
David | Maxwell | 123456 | 1/15/15 | 3/15/15
9. Legal Hold Considerations for IT – Secure Storage Area
• Secured IT storage location for storing assets related to legal matters.
• Need processes if encryption is used on assets.
• Needs a complete, managed inventory of what is stored.
I prefer to have this outside of IT control, if possible.
Chain of custody (example at ASDFED.com) needs to be applied to each asset.
Assets stored may be on more than one legal hold. Over time, this will happen.
• If Legal feels comfortable, you may be able to image to a secured share.
Control: Assets collected for legal hold shall be securely stored, inventoried and managed.
Risk: Collected assets for legal hold are not secured and maintained for collection.
10. Legal Hold Considerations for IT – Email
• Almost always the #1 area of interest.
Users have a tendency to hoard information, and email is the main area where they think they need to keep everything. Email is a communication tool. People send emails, not just create and store them; therefore the receiver should have the email as well.
• Legal hold server configuration: Understand if your mail system has the ability to apply a legal hold. Exchange 2010 and later have this capability. If available, make sure you have a documented process in place to ensure that custodians have the legal configuration applied. Cloud solutions should be reviewed to ensure that preservation capabilities are available. O365 does have this as well.
• Backups: Always asked about by opposing counsel. If you have no other way to preserve email, then backups may be your only solution. If images are used rather than backups, dumps of users may need to be implemented.
• PSTs: Generally stored on the local computer; get those when the drive is collected.
• MSG: Don't forget that users can drag email out of Outlook to other storage areas like their desktop.
11. Legal Hold Considerations for IT – Email
• Recommendation:
– #1 Document how email is stored and used in your environment. Have it readily available to share with attorneys. This should be a living document that identifies upgrades and changes to the system as well as how users use email and how backups are done and accessed.
– #2 Review the backup schedule for reasonable retention time frames.
– #3 Consider adding retention to user email; however, for legal hold users retention should be suspended.
Control: IT shall have a documented process for preserving email for legal hold custodians.
Risk: Email may not be preserved for legal hold custodians.
12. Legal Hold Considerations for IT – User Support
• Help desk needs to be aware of legal hold and have processes that ensure the protection of data. If a virus, equipment failure or other problem occurs, the help desk must be aware of preservation before solving the issue. Many help desk issues are solved by a reimage; however, procedures need to be followed to ensure metadata is managed appropriately and not altered.
• Upgrades are often handled by a different team/group; they should also reference the list and have procedures that ensure custodian data is not altered.
• This is when the first list is used. They just need to know names or employee numbers.
Some ticketing systems are beginning to include fields that stoplight legal custodians.
Control: IT shall have a documented process for identifying legal hold custodians and a process for handling their data so that data is not changed or altered.
Risk: Collected assets for legal hold are not secured and maintained for collection.
13. Legal Hold Considerations for IT – Terminations
• Custodians will leave. IT will need to make sure the system of a termed user is collected and preserved.
• This process should be part of the offboarding process.
– HR should participate in / be aware of the process
• Consider the need for the manager to retrieve business-related information
– Define a process for managers to request information within a period of time
– The process can define a longer period of time to keep the drives for senior management
– Techs need processes to ensure data is not altered; they may need to use write blockers
Control: Termed legal hold custodians shall have their data preserved.
Risk: Legal hold data is not maintained for custodians.
14. Legal Hold Considerations for IT – Disposal /Reuse of media
• Hard Drives
Drives and media must have a process for reuse or disposal. The challenge is that many drives are held for disposal for a period of time, often waiting for enough drives to dispose of or for periodic times of the year. Because a new legal hold may come into play in the meantime, it is best to label and inventory drives waiting to be processed.
• Inventory drives as they are added to the destroy/reuse list and when they are actually destroyed. At both times reference the custodian legal hold list (list 1) to ensure preservation is not needed.
• This becomes very important when tracking down a former employee's data. The inventory records of destruction can show when the data was destroyed or reimaged.
Control: Assets defined for destruction shall be inventoried, logged and checked if on legal hold prior to destruction.
Risk: Assets collected for destruction may come under legal hold prior to actual destruction or reuse.
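The two-checkpoint disposal check from slide 14, using the List 1 / List 2 layout from slides 7 and 8, written as an added example that is not part of the original presentation. The class and function names, the drive serials and the second custodian are constructed for illustration, and treating a hold as still in force on its removal date is an assumption.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass
class HoldRecord:
    """One row of 'List 2' (no SSN or other PII, per the slides)."""
    first: str
    last: str
    emp_no: str
    date_on: date
    date_off: Optional[date] = None    # date removed from hold
    term_date: Optional[date] = None   # termination does NOT release a hold
    matters: tuple = ()

def active_custodians(list2, today):
    """Derive 'List 1' as a set of employee numbers on hold as of `today`.
    Assumption: the hold still applies on the date_off day itself."""
    return {r.emp_no for r in list2
            if r.date_on <= today and (r.date_off is None or today <= r.date_off)}

@dataclass
class DisposalInventory:
    list2: list
    queue: dict = field(default_factory=dict)  # drive serial -> employee number
    log: list = field(default_factory=list)    # (date, serial, event) audit trail

    def _on_hold(self, serial, emp_no, today, stage):
        held = emp_no in active_custodians(self.list2, today)
        self.log.append((today, serial, f"{stage}: {'ON HOLD' if held else 'clear'}"))
        return held

    def add(self, serial, emp_no, today):
        """Checkpoint 1: the drive is added to the destroy/reuse list."""
        if self._on_hold(serial, emp_no, today, "queue check"):
            return "preserve"
        self.queue[serial] = emp_no
        return "queued"

    def destroy(self, serial, today):
        """Checkpoint 2: re-check immediately before destruction or reimage."""
        emp_no = self.queue.pop(serial)
        if self._on_hold(serial, emp_no, today, "destroy check"):
            return "preserve"
        self.log.append((today, serial, "destroyed"))
        return "destroyed"

def demo():
    # Constructed sample data; the first row reuses the example row from the slides.
    list2 = [HoldRecord("David", "Maxwell", "123456", date(2015, 1, 15),
                        date(2015, 3, 15), matters=("#2014-12",))]
    inv = DisposalInventory(list2)
    results = [inv.add("SN-A1", "123456", date(2015, 2, 1)),   # on hold at intake
               inv.add("SN-B2", "654321", date(2015, 2, 1))]   # clear at intake
    # A new hold lands while SN-B2 waits in the disposal pile.
    list2.append(HoldRecord("Pat", "Example", "654321", date(2015, 2, 10),
                            term_date=date(2015, 1, 30), matters=("Matter 2",)))
    results.append(inv.destroy("SN-B2", date(2015, 3, 1)))     # caught at checkpoint 2
    results.append(inv.add("SN-C3", "123456", date(2015, 3, 16)))  # hold released
    results.append(inv.destroy("SN-C3", date(2015, 4, 1)))
    return results, inv.log

if __name__ == "__main__":
    outcome, audit = demo()
    print(outcome)
    for entry in audit:
        print(*entry)
```

The audit log records every check with its date, which is the record needed later to show when a former employee's drive was destroyed or pulled back for preservation.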
15. Legal Hold Considerations for IT – Closing thoughts
There are many more challenges:
• Automatic processes and scripts, such as auto-deletion of share drives, should be reviewed and suspended until collection or preservation can occur.
• Transfers of employees to different departments/countries.
• Share drives, SharePoint and social media should be considered.
• Confidential nature of litigation: no need for IT to know details.
• IT needs to have (regular) training and an understanding of legal holds. They need to know what the expectations are, what to do with data and who to contact if unsure about what to do with data.
• Many times it helps if Legal understands the cost and the burden it takes to preserve. Identifying costs may make it easier for Legal to settle.
• If you periodically recommend purging to comply with retention schedules, consider including legal hold verbiage to override the activity.