ISO/IEC INTERNATIONAL STANDARD 27050-2 First edition 2018-09 Information technology Electronic discovery - Part 2: Guidance for governance and management of electronic discovery Technologies de I'information - Découverte électronique - Partie 2: Lignes directrices pour la gouvernance et le management de I'investigation informatique Reference number IEC IS0/IEC 27050-2:2018(E) @IS0/IEC 2018 IS0/IEC 27050-2:2018(E) COPYRIGHTPROTECTEDDOCUMENT @ IS0/IEC 2018 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or Iso's member body in the country of the requester. ISO copyright office CP 401 : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +4122 749 0111 Fax: +41 22 749 09 47 Email: [email protected] Website: www.iso.org Published in Switzerland ii @ IS0/IEC 2018 - All rights reserved IS0/IEC 27050-2:2018(E) Contents Page Foreword ..iv Introduction. ..V 1 Scope. ..1 2 Normative references 3 Terms and definitions 4 Symbols and abbreviated terms ..1 5 Electronic discovery background ..2 6 Governance of electronic discovery ..4 6.1 Context and principles. ..4 6.2 Mandate and establishment ..4 6.3 Evaluate. .4 6.4 Direct. ..4 6.5 Monitor. .5 7 Management of electronic discovery 5 7.1 Contextandcontrols .5 7.2 Archival policies. .5 7.3 Discovery policies. .5 7.4 Disclosure policies 5 7.5 Capability policies .5 7.6 Risk compliance policies .6 7.7 Monitoring and reporting policies .6 Risks and environmental factors .6 8 8.1 Overview .6 8.2 Privacy 6 8.3 Detection of other serious issues. .7 8.4 Adverse effects on organizational activities .7 8.5 Damage to staff morale. .7 8.6 Damage to organizational reputation .7 9 Compliance and review .7 9.1 Overview .7 9.2 Structural requirements for process delivery .7 9.3 Process control and monitoring. ..8 9.4 Communication mechanisms and disclosure .8 9.5 Consistency to policy and duty to perform. ..8 9.6 Effectiveness review ..8 9.7 Vendor management. .8 Bibliography 9 @ IS0/IEC 2018 - All rights reserved iii