News & Press: Affiliates in the News

EDRM Releases New Security Audit Questionnaire

Wednesday, March 8, 2017   (0 Comments)
Posted by: Mary Mack
Share |

EDRM Releases New Security Audit Questionnaire
Practical Data Security and Risk Assessment Tool Helps Organizations Evaluate Security Preparedness

Durham, NC – March 8, 2017 – EDRM, the leading standards organization for the e-discovery market, announced today the release of a new Security Audit Questionnaire, a practical tool for evaluating the security capabilities of corporations, law firms, cloud providers and third parties offering electronic discovery or managed services.

“E-discovery increasingly involves very large volumes of potentially sensitive data, and multiple organizations may play a role in processing, hosting, review and production of documents,” says George Socha, EDRM co-founder. “It’s critical that decision makers assess the security capabilities of e-discovery providers, and the questionnaire was designed to guide that assessment.”A team of EDRM members representing e-discovery providers, corporate legal departments and law firms convened in August 2016 to discuss security and compliance requirements and create a plan for the Security Audit Questionnaire. Amy Sellars, assistant general counsel, litigation support for Walmart Legal, and Julie Hackler, account executive at Avansic, led the team of 14 professionals with backgrounds in e-discovery, security, IT technologies and litigation support in creating the tool. Over several months of collaborative effort, the team identified seven key security areas for audit, developed checklists and audit questions, built and tested the questionnaire. The complete list of EDRM Security Audit team members is included with the questionnaire.

The seven security disciplines addressed in the audit questionnaire include:

  • General Security
  • Security and Risk Management
  • Asset Security
  • Communications and Network Security
  • Identity and Access Management
  • Security Operations
  • Software Development Security

The security survey evaluates an organization’s data security and practices, allowing potential customers to assess the risk of entrusting sensitive data to the vendor. The tool can be used to assess data protection from destruction or unauthorized access, as well as to assure regulatory compliance with data-related legislation such as HIPAA, the Sarbanes-Oxley Act and security breach notification laws.

The evaluation allows the assessor to determine the level of risk the organization may be assuming by engaging the vendor or partner and to make suggestions to improve security practices and enhance the service provided. The tool is also suited for organizations who wish to conduct a self-audit to assess security capabilities and identify areas for improvement.

The EDRM Security Audit Questionnaire is available for download on the EDRM website.

About EDRM
The Electronic Discovery Reference Model (EDRM) creates practical resources to improve e-discovery and information governance. Since 2005, EDRM has delivered leadership, standards, best practices, tools, guides and test data sets to improve electronic discovery and information governance. Member individuals, law firms, corporations and government organizations actively contribute to the direction of EDRM. In 2016, EDRM became part of the Center for Judicial Studies at Duke Law School. EDRM expands the center’s efforts to provide educational and professional resources in electronic discovery and information governance in support of its mission to promote a better understanding of the judicial process and generate ideas for improving the administration of justice. Visit EDRM.net to become a member. To learn more about the Duke Law Center for Judicial Studies, visit https://law.duke.edu/judicialstudies.

Media Contact
Vicki LaBrosse
vlabrosse@edgelegalmarketing.com


What our customers say?

©2016 Association of Certified E-Discovery Specialists
All Rights Reserved