ISO/IEC 27050 Information technology – Security techniques – Electronic discovery



What is ISO 27050?

ISO/IEC 27050 is a multi-part standard that specifies guidelines for electronic discovery activities: identifying, preserving, collecting, processing, reviewing, analysing and producing electronically stored information (ESI). Part 1 (Overview and concepts) defines the terminology and the process model; Parts 2, 3 and 4, summarised further down this page, cover governance and management, a code of practice, and technical readiness.

The standard also describes the steps that apply across the ESI lifecycle, from creation to final disposal. ISO/IEC 27050 is intended for both technical and non-technical personnel with an interest in any aspect of electronic discovery.

It is important to remember that the standards and guidelines are not meant to negate or invalidate applicable local jurisdictional laws and regulations, and the user is required to practise due diligence to ensure consistency with applicable jurisdictional requirements.

What is the purpose of ISO 27050?

The ISO 27050 standards were created to promote good practice in the forensic capture and investigation of electronically stored information during discovery.

Individual investigators, organisations and jurisdictions may apply these techniques, processes and controls in accordance with local laws, regulations and accepted practice, but standardisation is expected eventually to lead to similar, if not identical, approaches worldwide. This will make it easier to compare, combine and contrast the results of investigations.


What is Electronic Discovery?

Electronic discovery (sometimes called e-discovery or ediscovery) is the process of identifying, gathering and producing electronically stored information (ESI) in response to a request for production in a lawsuit or investigation. Documents, emails, databases, presentations, voicemail, audio and video recordings, social media, and web pages are all examples of ESI.

Due to the sheer amount of electronic data generated and processed, the processes and technology associated with e-discovery are often complicated. Furthermore, electronic documents, unlike hardcopy documents, are more dynamic and often include metadata such as time and date stamps, author and receiver information, and file properties.

Preserving the original material and its metadata is necessary to avoid later accusations that the material was falsified or manipulated. Forensic acquisition of data from systems under a court order or other lawful authority is also a form of e-discovery.

What is Electronically Stored Information (ESI)?

Electronically Stored Information (ESI) is a term heard frequently during litigation, particularly where email is collected. ESI is any data, record or information that is created, modified or stored in electronic form and held on electronic media such as hard drives, removable devices, servers, cloud storage and social media platforms.

ESI includes email and many other kinds of document, wherever they reside.

If you are involved in a lawsuit, ESI plays an important role in identifying the key parties and custodians involved and in documenting the discovery process.


What is the scope of ISO 27050? (The electronic discovery process)

The following are the primary stages or processes involved in electronic discovery (eDiscovery):

Identification

The electronically stored information (ESI) that may be relevant to a case is established, along with its locations, custodians, sizes/volumes and other characteristics.

This can be complicated, as it may involve not only the participants' own records but also those of their families and relatives, and organisations such as telecommunications firms, email providers, Internet service providers (ISPs) and social media platforms.

This stage is often time-sensitive, because information (particularly ephemeral operational data such as logs, caches and volatile memory) can be destroyed or overwritten before it is collected and preserved.

Preservation

Legal holds are placed on the identified ESI, initiating a formalised forensic process intended to ensure that these items survive the remaining stages intact, protected against loss or theft, accidental damage, intentional manipulation, and replacement or substitution.

Routine activities such as backup rotation, retention-policy deletion and device reimaging can damage, discredit or devalue the ESI, and may result in it being ruled inadmissible or simply useless; a hold must suspend them for the affected data.

A legal hold is essentially an instruction that prevents the custodian from altering or deleting the affected electronic documents.

Custodians and organisations that fail to comply may face sanctions.

A court may still sanction a party whose failure to preserve was merely negligent, if the loss of the data significantly prejudices the opposing party's case.

Collection

ESI is usually collected from the custodian by physically retrieving the original storage media (memory devices, hard drives, CDs, DVDs and so on) and, in criminal matters, any related physical evidence such as fingerprints or DNA that ties a suspect to the media.

For Internet, cloud or other distributed and ephemeral data, including volatile data such as the contents of a running system's RAM, capturing physical media is often impractical or impossible, so the data must be collected directly in a forensically sound manner: acquired with tools and procedures that do not alter the source, with a cryptographic hash taken at acquisition and a chain-of-custody record of every handover.

Businesses that deal with a high volume of lawsuits often have software that automatically places legal holds on specific custodians in response to a trigger (such as a legal notice) and starts collection immediately. Others may need a digital forensics specialist to avoid spoliation of data.
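The preservation and collection steps above (hash the source before copying, copy without altering it, verify the copy, and log every handover) as a small Python example. This is an added illustration, not code from ISO/IEC 27050 or from ISMS.online; the evidence-ID scheme, the manifest layout and the sample files are assumptions made for the demo.

```python
"""Hash-verified collection with a chain-of-custody manifest (added example)."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source_paths, evidence_dir, collector):
    """Copy each source file into evidence_dir, preserving timestamps, and record
    hash, size and original metadata so later custodians can prove nothing changed.
    The EV-nnnn identifier scheme is an assumption for this demo."""
    os.makedirs(evidence_dir, exist_ok=True)
    manifest = {"collector": collector, "items": [], "custody_log": []}
    for n, src in enumerate(source_paths, start=1):
        src_hash = sha256_of(src)          # hash the original BEFORE touching it
        st = os.stat(src)
        evidence_id = f"EV-{n:04d}"
        dst = os.path.join(evidence_dir, evidence_id)
        shutil.copy2(src, dst)             # copy2 keeps the original mtime/atime
        if sha256_of(dst) != src_hash:     # the copy must match the source exactly
            raise RuntimeError(f"copy of {src} does not match source hash")
        manifest["items"].append({
            "evidence_id": evidence_id,
            "source_path": os.path.abspath(src),
            "size": st.st_size,
            "source_mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            "sha256": src_hash,
        })
        manifest["custody_log"].append({
            "time_utc": datetime.now(timezone.utc).isoformat(),
            "actor": collector, "action": "acquired",
            "evidence_id": evidence_id, "sha256": src_hash,
        })
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify(evidence_dir, actor):
    """Re-hash every item, append the check to the custody log, and return the
    evidence IDs whose content no longer matches the hash taken at acquisition."""
    manifest_path = os.path.join(evidence_dir, "manifest.json")
    with open(manifest_path) as f:
        manifest = json.load(f)
    failed = []
    for item in manifest["items"]:
        current = sha256_of(os.path.join(evidence_dir, item["evidence_id"]))
        ok = current == item["sha256"]
        manifest["custody_log"].append({
            "time_utc": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": "verified" if ok else "INTEGRITY FAILURE",
            "evidence_id": item["evidence_id"], "sha256": current,
        })
        if not ok:
            failed.append(item["evidence_id"])
    with open(manifest_path, "w") as f:
        json.dump(manifest, f, indent=2)
    return failed


def demo():
    """Constructed sample: two custodian files are acquired, verified, then one
    evidence copy is tampered with. Returns (failures_before, failures_after)."""
    work = tempfile.mkdtemp()
    src_dir = os.path.join(work, "custodian")
    os.makedirs(src_dir)
    paths = []
    for name, body in [("memo.txt", b"Q3 forecast attached"), ("notes.txt", b"call counsel")]:
        p = os.path.join(src_dir, name)
        with open(p, "wb") as f:
            f.write(body)
        paths.append(p)
    evidence = os.path.join(work, "evidence")
    acquire(paths, evidence, "analyst-1")
    before = verify(evidence, "analyst-2")
    with open(os.path.join(evidence, "EV-0002"), "ab") as f:
        f.write(b"!")                      # simulate post-collection tampering
    after = verify(evidence, "analyst-2")
    return before, after


if __name__ == "__main__":
    print(demo())
```

The hash is taken from the source before the copy is made, so the manifest records what the custodian actually held, and every later check is logged even when it succeeds; a gap in the custody log is itself a point an opposing party will raise.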

Processing

During processing, native files are prepared for loading into a document review platform. This usually includes extracting text and metadata from the original files. Data-culling steps are applied at this stage, such as deduplication (dropping files whose content hash matches one already collected) and de-NISTing (dropping files whose hash appears in the NIST National Software Reference Library, i.e. known operating-system and application files with no evidential value). Native files are often converted to PDF or TIFF at this point to facilitate redaction and Bates numbering (a unique sequential identifier stamped on every produced page).

Modern processing software may also use sophisticated analytic tools to assist document review lawyers in identifying potentially important documents with greater accuracy.

Review

The electronically stored information is searched or analysed for case-relevant information. Various activities associated with this process can be facilitated by various document review platforms, including the quick identification of potentially relevant documents and the culling of documents based on various criteria (such as keyword, date range, etc.).

Additionally, the majority of review tools make it simple for large numbers of document review attorneys to collaborate on cases, utilising collaborative tools and batch processing to expedite the review process and minimise duplication of effort.

Analysis

The material is further analysed and evaluated as to its importance, suitability, significance, consequences, etc.

Production

The relevant material identified during analysis is produced to the requesting party and, where it is relied on, to the court, together with the original storage media and supporting documentation. This typically entails presenting the material and explaining its significance in a way the court understands. A load file is usually included with the production; it carries the metadata and text needed to load the documents into a review platform. Documents may be produced as native files or as PDF/TIFF images with accompanying metadata.
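The Processing and Production stages described above, as an added Python example (not from the standard or from ISMS.online): deduplication by content hash, de-NISTing against a known-file hash set, text and metadata extraction, Bates numbering, and a minimal CSV load file. The sample documents, the `KNOWN_FILE_HASHES` stand-in for the NIST NSRL hash set, the `ACME` Bates prefix and the load-file column names are all constructed for the demo.

```python
"""Processing and production of a small constructed document set (added example)."""
import csv
import hashlib
import io
from dataclasses import dataclass

# Constructed sample collection: (path, content, custodian, last_modified).
# Bob's message is a byte-for-byte duplicate of Alice's; the .exe stands in for an
# operating-system binary that carries no evidential value.
SAMPLE_FILES = [
    ("mail/alice/msg001.txt", b"Subject: Q3 forecast\nNumbers look bad.", "alice", "2023-04-02"),
    ("mail/bob/msg017.txt", b"Subject: Q3 forecast\nNumbers look bad.", "bob", "2023-04-02"),
    ("share/contract.txt", b"Master services agreement v2", "alice", "2023-03-10"),
    ("laptop/win/notepad.exe", b"MZ\x90\x00fake-notepad", "bob", "2020-01-01"),
]

# Constructed stand-in for the NIST NSRL reference data set, which is usually matched
# on SHA-1 or MD5. A real set holds millions of hashes; here it holds one.
KNOWN_FILE_HASHES = {hashlib.sha1(b"MZ\x90\x00fake-notepad").hexdigest()}


@dataclass
class Document:
    path: str
    custodian: str
    last_modified: str
    sha1: str
    text: str
    bates: str


def process(files, prefix="ACME"):
    """De-NIST, deduplicate by content hash, extract text, and assign Bates numbers to the
    surviving documents. Returns (produced, dropped) where dropped maps path -> reason.
    SHA-1 is used here only to match the NSRL convention; use SHA-256 for integrity."""
    seen = {}
    produced, dropped = [], {}
    counter = 1
    for path, data, custodian, mtime in files:
        sha1 = hashlib.sha1(data).hexdigest()
        if sha1 in KNOWN_FILE_HASHES:
            dropped[path] = "de-NIST (known system file)"
            continue
        if sha1 in seen:
            dropped[path] = f"duplicate of {seen[sha1]}"
            continue
        seen[sha1] = path
        text = data.decode("utf-8", errors="replace")   # text extraction for the review tool
        produced.append(Document(path, custodian, mtime, sha1, text, f"{prefix}{counter:07d}"))
        counter += 1
    return produced, dropped


def load_file(docs):
    """Build a minimal CSV load file, one row per produced document, and return it as text.
    Column names are an assumption; real platforms each have their own load-file spec."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["BegBates", "Custodian", "DateLastModified", "SHA1", "NativePath", "ExtractedText"])
    for d in docs:
        writer.writerow([d.bates, d.custodian, d.last_modified, d.sha1, d.path, d.text])
    return buf.getvalue()


if __name__ == "__main__":
    produced, dropped = process(SAMPLE_FILES)
    for path, reason in dropped.items():
        print(f"dropped {path}: {reason}")
    print(load_file(produced))
```

Note that the dropped-file reasons are kept rather than silently discarded: a production must be able to show why a file from the collection does not appear in the load file, and a duplicate is recorded as a duplicate of a specific produced document so its custodian can still be traced.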


ISO/IEC 27037

ISO 27037 covers the identification, collection, acquisition and preservation of potential digital evidence. It does not cover the later handling of that evidence, such as its analysis, review, presentation or disposal.

Individuals who handle digital data should be able to recognise and mitigate threats associated with dealing with this kind of evidence in order to protect it from being degraded and rendered worthless. ISO 27037 establishes the standards that this person can follow in order to safeguard the integrity and authenticity of digital evidence.

ISO/IEC 27041

ISO 27041 gives guidance on assuring the suitability and adequacy of the methods used to investigate information security incidents. It describes how to identify requirements, document the investigative procedures, and demonstrate that those procedures satisfy the requirements, so that the collection and review of data during an incident investigation can be shown to be fit for purpose.

ISO/IEC 27042

ISO 27042, part of the ISO/IEC 27000 family and published in 2015, provides guidelines for the analysis and interpretation of digital evidence. It describes how an investigator should approach examining a particular type of digital evidence in a given situation, and how to document the analysis so that its findings can be understood and reproduced.

ISO/IEC 27043

To make digital evidence from a digital forensic investigation admissible, a formalised and, preferably, a standardised procedure must be followed. This is the objective of ISO 27043. The digital forensic investigation process is governed by ISO 27043. It establishes a series of procedures for investigators to follow in order to preserve the integrity of digital data obtained by e-discovery.

BS 10008:2008

BS 10008 is a British Standard (first published in 2008 and since revised) that defines best practice for the evidential weight and legal admissibility of electronic information, including its storage and transfer. It helps you verify and authenticate your records so that their integrity can be demonstrated if they are challenged. BS 10008 specifies best practice for electronically exchanging data between applications and for migrating paper documents to digital files. It also sets out rules for the availability and accessibility of documents that may be required as evidence in court.


ISO 27050 Part 2: Guidance for governance and management of electronic discovery

The ISO 27050-2 standard provides guidelines associated with the electronic discovery processes framework described in ISO 27050-1. It was published in 2018. ISO 27050-2 establishes a framework for electronic discovery for technical and non-technical senior management staff in an organisation. This covers those accountable for adhering to statutory and regulatory provisions, as well as industry practices.

It provides a best practice framework for forensic work, which describes the structure and controls that should govern all parts of forensic work within a controlled, repeatable and trusted environment.

ISO 27050-2 outlines how an organisation can identify the risks associated with electronic discovery, establish policies, and ensure compliance with applicable external and internal requirements.

Additionally, it addresses how to establish those policies in a way that they can be used to inform process control. Additionally, it offers guidelines on how to execute and manage electronic discovery in line with the policies.

ISO 27050 Part 3: Code of practice for electronic discovery

The ISO 27050-3 standard provides a code of practice for the electronic discovery process framework described in ISO 27050-1. The current edition was published in 2020. It sets out a comprehensive approach to electronic discovery and highlights technical benefits and risks that litigation counsel should be aware of.

ISO 27050-3 provides a set of guidelines that an organisation can use to evaluate its e-discovery operations and confirm that it has the right competencies. The standard is a distinctive resource because it was developed by legal and information security professionals with direct input from legal practitioners, judges, e-discovery professionals and bar associations.

ISO 27050-3 is internationally recognised and can serve as a shared set of guidelines for parties to, or mediators of, discovery. Because it is an international rather than a national standard, it is well suited to discovery that spans national boundaries and legal systems.

ISO 27050-3 articulates the goals and outlines the criteria required to allow successful processes and outcomes for each step of the e-discovery process, from preservation to production, by outlining a list of general standards to adopt without exactly defining how they are to be applied.

Notably, ISO 27050-3 highlights the considerations to acknowledge in order to prevent mistakes during each process, alerting practitioners to common pitfalls that can derail an otherwise serious e-discovery attempt.

ISO 27050 Part 4: Technical readiness

Technical readiness is formally described as the “state of possessing the necessary expertise, skills, procedures, and technology to resolve a particular problem or issue.”

This does not mean that an organisation must be all-knowing and able to do everything itself; it means being fit for purpose and prepared for the task at hand, including any contingency that might arise.

Applied to eDiscovery, technical readiness means an organisation has reached the required level of competence to identify, preserve, collect, process, review, analyse and produce ESI. It also requires that ESI is kept secure and organised so that it can be used effectively.

ISO 27050-4 focuses on an organisation’s operational readiness to implement e-discovery. It encompasses the forensic instruments and systems that facilitate the collection, storage, compilation, scan, review, and production of ESI, as well as the associated processes needed for eDiscovery.

Implementing eDiscovery Standard

The significance of eDiscovery cannot be overstated: it drives how organisations design their archiving and retention frameworks, and it has important consequences for how they preserve, store and maintain electronic information. Failing to handle eDiscovery properly can have serious consequences.

At ISMS.online, we use our expertise and technology to provide a cloud-based platform that helps you demonstrate compliance with the eDiscovery standard. We base our e-discovery projects on the Electronic Discovery Reference Model (EDRM).

If you use the EDRM or a comparable model, our platform can help you determine the best combination of in-house and outsourced resources for your eDiscovery process, pairing the chosen process with an appropriate technical solution and guiding you at each step. Get in touch on +44 (0)1273 041140 to request a demo.
