1. Info-Tech Research Group1 Info-Tech Research Group, Inc. Is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2013 Info-Tech Research Group Inc. Ease Compliance through Repeatable Process Reduce the price for responding to requests for information and replying to litigation by 80%. Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.© 1997 - 2013 Info-Tech Research Group

2. Info-Tech Research Group2 Prepare for eDiscovery with a documented response plan. It will save you time and effort. It will also make working with legal counsel much easier. Introduction CIO and IT security officers that must establish a process to support eDiscovery. CIOs who must fill technology gaps that cause excessive cost and pain in the eDiscovery process. Other business leaders who are responsible for responding to legal or regulatory requests, including: Compliance officers Records managers Legal/Counsel Human Resource managers Understand eDiscovery best practices. Develop a set of templates to formalize the eDiscovery process. Enable IT leaders to develop competency through DIY workshops. Balance the complex sets of constraints and demands that apply to content, including: Regulatory compliance Freedom of Information requests eDiscovery Privacy This Research Is Designed For:This Research Will Help You:

3. Info-Tech Research Group3 Executive Summary Prepare for eDiscovery. Develop an SOP and a set of standard communication templates to guide the conversation with requestors and legal counsel. 1.Don’t start from scratch. Use the Electronic Discovery Reference Model (EDRM) as a guide. 2.Start with information governance and related processes. A focus on information governance is often the result of an assessment of enterprise risk and opportunity. Review Info-Tech workshops: WCO: Risk Management and WCO: IT Strategy.WCO: Risk Management WCO: IT Strategy 3.Get control of information sources. Information resides in many different places within the enterprise. Each of these sources must be identified, assessed, and assigned to a particular owner. Info-Tech Insight Situation Complication Resolution eDiscovery has a lot of moving parts. IT must interact with inside counsel, outside counsel, and a variety of different parties within the enterprise. The entire process needs to be auditable and – in legal parlance – “defensible.” Many CIOs make the assumption that eDiscovery is a black swan event. The truth is that eDiscovery comes from various sources: litigation, regulatory compliance, and internal investigations. eDiscovery can be incredibly complex and expensive. IT often treats eDiscovery as legal counsel’s issue but IT is a huge part of the response. All IT departments should have an eDiscovery plan in the likelihood that the improbable occurs.

4. Info-Tech Research Group4 Follow Info-Tech’s information governance roadmap Reintroduce the Information Lifecycle to the Content Management Strategy WCO: Risk Management Content Mgmt. Risk Mgmt. Find Information in the Enterprise Develop an Information Governance Strategy IT Strategy WCO: IT Strategy Develop a Data Privacy Compliance Strategy Mitigate Internal Risks & Achieve Compliance with Internal Controls Ease Compliance through Repeatable Process

5. Info-Tech Research Group5 WCO: IT Strategy 1. Understand the Corporate Strategy 2. Assess the Current State of IT 3. Define the Targets and Gaps 4. Create the Roadmap 5. Create the IT Strategy WCO: Risk Management 1. Risk Scenarios 2. Determine Risk Severity 3. Build the Risk Profile 4. Take Action Towards Risk 5. Report and Communicate Risk Ease Compliance Through a Repeatable Process When risk and strategy assessments point to information, you need an information governance strategy Develop an Information Governance Strategy 1. Build a Project Team 2. Identify Information Sources 3. Assess Information Sources 4. Define a Retention Schedule 5. Create a Communication Plan This set enables IT leaders to address concerns resulting from the information governance strategy. This set lays out how to deal with the eDiscovery process and the larger retention and deletion scheduling planning.

6. Info-Tech Research Group6 How to use this blueprint We recommend that you supplement the Best Practices Blueprint with a Guided Implementation. For most Info-Tech members, these Guided Implementations are included in your membership plan.* Our expert analysts will provide telephone assistance to you and your team at key project milestones to review your materials, answer your questions, and explain our methodology. Info-Tech Research Group’s expert analysts will come onsite to help you work through our project methodology in a 2-5 day project accelerator workshop. We take you through every phase of the project and ensure that you have a road map in place to complete your project successfully. In some cases, we can even complete the project while we are onsite. Do-It-Yourself Implementation Use this Best Practice Blueprint to help you complete your project. The slides in this Blueprint will walk you step-by-step through every phase of your project with supporting tools and templates ready for you to use. Project Accelerator Workshop You can also use this Best Practice Blueprint to facilitate your own project accelerator workshop within your organization using the workshop slides and facilitation instructions provided in the Appendix. Book your workshop now by emailing: WorkshopBooking@InfoTech.com WorkshopBooking@InfoTech.com Best Practice Blueprint Free Guided ImplementationOnsiteWorkshops * Gold and Silver level subscribers only Or calling: 1-888-670-8889 Ext. 3001 There are multiple ways you can use this Info-Tech Best Practice Blueprint in your organization. Choose the option that best fits your needs:

7. Info-Tech Research Group7 Guided Implementation points in the Content Creation Ecosystem project Book a Guided Implementation Today: Info-Tech is just a phone call away and can assist you with your project. Our expert Analysts can guide you to successful project completion. Here are the suggested Guided Implementation points in the Content Creation project: To enroll, send an email to GuidedImplementations@InfoTech.com or call 1-888-670-8889 and ask for the Guided Implementation Coordinator.GuidedImplementations@InfoTech.com This symbol signifies when you’ve reached a Guided Implementation point in your project. Section 1: Decide on what technology you need For those where any kind of eDiscovery request is rare, process and guidelines for how IT can support will control wasted time. Standardized process allows IT to guard against errors of ignorance and the potential for spoliation and fines for contempt. Section 3: Right size the technology to support the policies A plan for matching the strategy and the technical platform to maintain the strategy. A plan for solving the current problems based on the vendor roadmaps at the time. Section 5: Integrate compliance into information governance Compliance needs to be a central element of information governance for either to be successful. This does not necessarily mean further investment in technology.

8. Info-Tech Research Group8 Technology matters. Appropriate pieces such as archiving and ECM systems control the most concerning sources Document review and council’s time are large expenses. These can be effectively controlled and reduced through technologies that enable standard processes. Level of Concern Rank of Concern Variability of Concern The less control IT has over the information source the greater the concern for eDiscovery. Technology matters because it enforces a standard process. Control the cost of the technology by having the process in place first and buying only the technology that you need. Even if you use outside council you are still responsible for receiving the initial request and placing the initial hold on appropriate information sources. These organizations find external email the most difficult to find. Organizations that have a formal plan and the capabilities to perform eDiscovery search rank email and sensitive documents as the top concerns. This is a case where technology matters. Those organizations with email archive or ECM systems did not rank email and sensitive documents in their top five. External email is the biggest concern for IT administrators. Sensitive documents (records) also represent an area of key concern. Source: Info-Tech Research Group, Q1 2013; N=24.

9. Info-Tech Research Group9 Legal signs off on IT’s search. Deploy a formal approach to reduce cost and chaos for both IT and legal counsel Request Ad Hoc Formal Legal and IT define who are the principals in the request. Legal defines search terms request and initial archive inventory Search based grouping of documents. IT moves all relevant principal documents to archive location. Legal performs redaction. Legal receives request. IT places hold on set of documents. Sends request to IT. IT defines the potential documents. Legal evaluates documents. Expansion of document set. Human-based first cull. Legal defines key documents to limit size of final package. IT builds and performs search to ensure completeness. Requests redaction and document production. IT performs document production. Documents reviewed. Gaps identified. Ad hoc processes for discovery work but they become incredibly complicated.

10. Info-Tech Research Group10 Technology and governed processes will drastically reduce the overall costs. A basic eDiscovery project with ad hoc processes can cost millions of dollars Manual review. Consider the size of an average eDiscovery project (100 GBs or 300K documents). All documents are reviewed by a member of legal counsel at an average cost of $350 per hour (for an Associate and two paralegals). This team can review 50 documents per hour. Back-up and search. This replaces the manual search with a on-demand archive solution for audit and search. Assumes review is still human based. Archive and search. Using a lower cost archive product and a separate search platform for more granularity. Assumes that review is still human based. Early case assessment. Use of a dedicated eDiscovery search and archive tool. Assumes that the sampling and initial review is done using the eDiscovery system via Technology Assisted Review (TAR). Governed process. Adds a dedicated archive system to enhance the capture and retention. Info-Tech analysis of how structured eDiscovery processes save money. Costs are based on publicly available legal quotes for eDiscovery services, archive, and search products. Total cost of eDiscovery (per 100 GBs)Percent of total cost spent on technology Shift costs from manual discovery to classification and search tools to reduce the cost.

11. Info-Tech Research Group11 Take advantage of the Electronic Discovery Reference Model to formalize the eDiscovery process Info-Tech used the EDRM framework to devise a IT- centric guidance for managing eDiscovery. This EDRM-based eDiscovery process is broken into discrete steps with explicit guidance on who should be involved with each step from request to production. Formalize the process so that IT can control the pain and business disruption that this rare occurrence creates. Electronic Discovery Reference Model (EDRM) EDRM.net provides a wide variety of best practices standards for controlling and verifying the discovery process. The EDRM framework is a direct response to the changes made in the U.S. Federal Rules of Civil Procedure in 2006 when electronic communications were explicitly recognized as legal documents. EDRM is an excellent framework for IT to build a process to satisfy and enable legal to take control of eDiscovery. Information Management Identification Preservation Collection Processing Review Analysis Production EDRM has five specific steps: EDRM is a responsive process not a governance strategy. Records managers should look to DoD5015.2 or MoReq2010 for their larger governance processes and technology needs.

12. Info-Tech Research Group12 Info-Tech Research Group Helps IT Professionals To: Sign up for free trial membership to get practical solutions for your IT challenges www.infotech.com Quickly get up to speed with new technologies Make the right technology purchasing decisions – fast Deliver critical IT projects, on time and within budget Manage business expectations Justify IT spending and prove the value of IT Train IT staff and effectively manage an IT department “Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment. - ARCS Commercial Mortgage Co., LP Toll Free: 1-888-670-8889