EDRM Releases New Security Audit Questionnaire

EDRM, the leading standards organization for the ediscovery market, just announced the release of a new Security Audit Questionnaire, a practical tool for evaluating the security capabilities of corporations, law firms, cloud providers and third parties offering electronic discovery or managed services.
“E-discovery increasingly involves very large volumes of potentially sensitive data, and multiple organizations may play a role in processing, hosting, review and production of documents,” says George Socha, EDRM co-founder. “It’s critical that decision makers assess the security capabilities of e-discovery providers, and the questionnaire was designed to guide that assessment.”
A team of EDRM members representing e-discovery providers, corporate legal departments and law firms convened in August 2016 to discuss security and compliance requirements and create a plan for the Security Audit Questionnaire. Amy Sellars, assistant general counsel, litigation support for Walmart Legal, and Julie Hackler, account executive at Avansic, led the team of 14 professionals with backgrounds in e-discovery, security, IT technologies and litigation support in creating the tool. Over several months of collaborative effort, the team identified seven key security areas for audit, developed checklists and audit questions, built and tested the questionnaire. The complete list of EDRM Security Audit team members is included with the questionnaire.
The seven security disciplines addressed in the audit questionnaire include:
• General Security
• Security and Risk Management
• Asset Security
• Communications and Network Security
• Identity and Access Management
• Security Operations
• Software Development Security
The security survey evaluates an organization’s data security and practices, allowing potential customers to assess the risk of entrusting sensitive data to the vendor. The tool can be used to assess data protection from destruction or unauthorized access, as well as to assure regulatory compliance with data-related legislation such as HIPAA, the Sarbanes-Oxley Act and security breach notification laws.
The evaluation allows the assessor to determine the level of risk the organization may be assuming by engaging the vendor or partner and to make suggestions to improve security practices and enhance the service provided. The tool is also suited for organizations who wish to conduct a self-audit to assess security capabilities and identify areas for improvement.
The EDRM Security Audit Questionnaire is available for download on the EDRM website.
For more information, visit http://www.EDRM.net