CCSP Domain 6: Legal Hold and eDiscovery Flashcards
What does e-discovery typically involve?
identification, collection and production of data related to a case and legal holds
What is the recommended action for a business when it faces a need for eDiscovery activity?
hiring an expert consultant who is licensed for this purpose
What is eDiscovery (electronic Discovery)?
process of identifying and obtaining electronic evidence for either prosecutorial or litigation purposes
What are the tools that aid with the process of eDiscovery?
- some cloud providers offer SaaS eDiscovery solutions in the form of cloud-based applications that can perform searches and collection of pertinent data (provider’s own cloud data center for its own customers)
- host-based tools that can be used to locate applicable information on specific machines (both HW and virtualized)
What is the most significant barrier to eDiscovery efforts in organizations that make heavy use of many different cloud services?
coordinating multiple providers that might have relevant records
I Preserve Collected Policies Rendered Absolutely Pointless
What are the seven main steps for eDiscovery?
- ESI identification
- preservation
- collection
- processing
- review
- analysis
- production
The Cloud Security Alliance points to a number of key areas to consider during e-discovery. What is most likely to drive higher costs in a cloud environment when the organization is operating under a litigation hold?
storage duration; cloud storage is typically billed by quantity and time
What is the first concern for discovery and legal hold scenarios?
identify the data that the hold request or discovery requires
What do legal holds require organizations to do with relevant data?
identify and preserve data that meets the hold’s scope
An organization has preserved data due to a legal hold, but the data has hit the end of its retention timeframe due to statutory requirements. What should be done with the data?
continue to preserve the data to meet the legal hold requirements - legal holds normally take precedence over other deletion requirements
Why is a legal hold a driver for the retention process?
because it may require deviation from the organization’s normal process for data retention and destruction
When does a legal hold typically occur?
the organization is notified that either (a) a law enforcement or regulatory entity is commencing an investigation or (b) a private entity is commencing litigation against the organization
What organizational policy often accounts for legal holds?
retention policies often include language that addresses legal holds because holds can impact retention practices and requirements
eDiscovery is specifically intended to ensure compliance with what?
ensure compliance with litigation hold obligations
What is the initial phase of eDiscovery process?
legal hold
What does ESI stand for?
electronically stored information
When is eDiscovery commonly used?
when there is civil litigation, to gather evidence for both plaintiffs and defendants
What happens during the Production phase of eDiscovery?
relevant ESI is produced in a format suitable for legal proceedings, regulatory submissions, or investigations
Which ISO standard provides guidance for eDiscovery programs?
ISO 27050
What are the e-discovery challenges/complexities in the cloud?
- organization investigating an incident may lack the ability to compel the CSP to turn over vital information needed to investigate
- information may be housed in a country where jurisdictional issues make the data more difficult to access
- maintaining a chain of custody is more difficult since there are more entities involved in the process
Before migrating to the cloud, at what phase should eDiscovery be considered as a security requirement?
when considering a cloud vendor, during the selection and contract negotiation phases; otherwise CSP may not cooperate to aid with eDiscovery
What are important considerations for eDiscovery in the cloud that can be handled proactively?
data residency and system architecture - such as when designing or deploying a system or business process
Why does the burden of recording and preserving potential evidence shift to the customer?
CSPs may not preserve essential data for the required period of time to support historical investigations; they may not even log all the data relevant to support an investigation