Information technology — Electronic discovery — Part 4: Technical readiness

This document provides guidance on the ways an organization can plan and prepare for, and implement, electronic discovery from the perspective of both technology and processes. This document provides guidance on proactive measures that can help enable effective and appropriate electronic discovery and processes. This document is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities.

Technologies de l'information — Découverte électronique — Partie 4: Préparation technique

General Information

Status: Published
Publication Date: 11-Apr-2021
Current Stage: 6060 - International Standard published
Start Date: 12-Apr-2021
Due Date: 26-Mar-2022
Completion Date: 12-Apr-2021

Standard: ISO/IEC 27050-4:2021 - Information technology -- Electronic discovery (English language, 29 pages)
Draft: ISO/IEC FDIS 27050-4:Version 22-jan-2021 - Information technology -- Electronic discovery (English language, 29 pages)

Standards Content (Sample)

INTERNATIONAL STANDARD ISO/IEC 27050-4
First edition 2021-04
Information technology — Electronic discovery — Part 4: Technical readiness
Technologies de l'information — Découverte électronique — Partie 4: Préparation technique
Reference number ISO/IEC 27050-4:2021(E)
© ISO/IEC 2021


COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Electronic discovery background
6 Technical readiness
7 Readiness for electronic discovery
7.1 ESI identification
7.1.1 General
7.1.2 ESI landscape
7.1.3 Data map
7.1.4 Data classification
7.1.5 Proactive ESI identification
7.2 ESI preservation
7.2.1 General
7.2.2 Assessing preservation needs
7.2.3 Preservation obligations
7.2.4 Hold/preservation notices
7.2.5 Proactive ESI preservation
7.3 ESI collection
7.3.1 General
7.3.2 Methods of ESI collection
7.3.3 Proactive ESI collection
7.4 ESI processing
7.4.1 General
7.4.2 Tools for ESI processing
7.4.3 Reduction of ESI
7.4.4 Proactive ESI processing
7.5 ESI review
7.5.1 General
7.5.2 Technology-assisted review
7.5.3 Proactive ESI review
7.6 ESI analysis
7.6.1 General
7.6.2 Tools and tasks for ESI analysis
7.6.3 Proactive ESI analysis
7.7 ESI production
7.7.1 General
7.7.2 Producing parties
7.7.3 Receiving parties
7.7.4 Proactive ESI production
8 Additional considerations
8.1 General
8.2 Privacy and data protection
8.3 Long-term retention of ESI
8.3.1 Retention and preservation
8.3.2 General data retention
8.3.3 Archive
8.4 Destruction of ESI
8.5 Business continuity management
9 Electronic discovery cross-cutting aspects
9.1 General
9.2 Planning
9.2.1 Configuration and preparation
9.2.2 Budgeting and cost control
9.2.3 Monitoring and reassessment
9.2.4 End of project considerations
9.3 Documentation
9.4 Expertise
9.4.1 Support and maintenance
9.4.2 Assembling the team
9.4.3 Competency and training
9.4.4 Stakeholder engagement
9.5 Use of technology
9.5.1 Platform selection/system architecture
9.5.2 Retiral or migration of systems
Annex A (informative) ESI storage questionnaire
Bibliography


Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, Information security, cybersecurity and privacy protection.
A list of all parts in the ISO/IEC 27050 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

Introduction
Electronic discovery can expose organizations and their stakeholders within and outside those
organizations to collective and individual risks, including legal, financial and ethical.
This document is to be read in relation to ISO/IEC 27050-1, ISO/IEC 27050-2, and ISO/IEC 27050-3.
Electronic discovery often serves as a driver for investigations as well as evidence acquisition
and handling activities (covered in ISO/IEC 27037). In addition, the sensitivity and criticality of the
electronically stored information (ESI) sometimes necessitate protections like storage security to guard
against data breaches (covered in ISO/IEC 27040).
1 Scope
This document provides guidance on the ways an organization can plan and prepare for, and implement,
electronic discovery from the perspective of both technology and processes. This document provides
guidance on proactive measures that can help enable effective and appropriate electronic discovery
and processes.
This document is relevant to both non-technical and technical personnel involved in some or all of the
electronic discovery activities.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 22123-1, Information technology — Cloud computing — Vocabulary
ISO/IEC 27000, Information technology — Security techniques — Information security management
systems — Overview and vocabulary
ISO/IEC 27050-1:2019, Information technology — Electronic discovery — Part 1: Overview and concepts
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 27000, ISO/IEC 27050-1,
and ISO/IEC 22123-1 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
compliance obligations
legal requirements and other requirements
legal requirements that an organization has to comply with and other requirements that an organization
has to or chooses to comply with
Note 1 to entry: Compliance obligations can arise from mandatory requirements, such as applicable laws and
regulations, or voluntary commitments, such as organizational and industry standards, contractual relationships,
codes of practice and agreements with community groups or non-governmental organizations.
[SOURCE: ISO 14001:2015, 3.2.9, modified — Note 1 to entry has been removed and Note 2 to entry
renumbered.]

3.2
technical readiness
state of having the knowledge, skills, processes and technologies needed to address a particular issue
or challenge
4 Symbols and abbreviated terms
BCM business continuity management
CCTV closed-circuit television
ESI electronically stored information
ICT information and communication technology
PBX private branch exchange
PII personally identifiable information
RIM records and information management
SaaS software as a service
TAR technology-assisted review
VPN virtual private network
WORM write once read many
5 Electronic discovery background
Electronic discovery is an element of traditional discovery or disclosure and it is a process that
typically involves identifying, preserving, collecting, processing, reviewing, analysing and producing
electronically stored information (ESI) that can be potentially relevant to a particular matter. The
requirements and recommendations provided in this document are in accordance with the electronic
discovery concepts described in:
— ISO/IEC 27050-1:2019, Clause 3: key electronic discovery terminology;
— ISO/IEC 27050-1:2019, 6.2: electronic discovery issues and primary cost drivers;
— ISO/IEC 27050-1:2019, 6.3: general electronic discovery objectives;
— ISO/IEC 27050-1:2019, Clause 7: common ESI types, common sources, and representations;
— ISO/IEC 27050-1:2019, Clause 8: description of the electronic discovery process and the process
elements.
ISO/IEC 27050-1 differentiates generic actions such as "identifying" from the specific electronic
discovery process elements by preceding the names of the latter with "ESI" (e.g. ESI identification). This
document follows the same approach. Figure 1, repeated from ISO/IEC 27050-1:2019, shows all the electronic
discovery process elements and the interrelationships between them (see ISO/IEC 27050-1:2019, 8.1,
for a full description).

Figure 1 — Electronic discovery process elements
ISO/IEC 27050-2 provides guidance for decision makers and those holding responsible roles to ensure
that causes of failure are properly managed and, where possible, minimized while still complying
with policy and conformance requirements to enable effective and appropriate electronic discovery
and processes. ISO/IEC 27050-3 provides requirements and guidance associated with the electronic
discovery process elements shown in Figure 1. While the guidance and requirements provided in
ISO/IEC 27050-2 and ISO/IEC 27050-3 cover key aspects of electronic discovery, organizations can
benefit from additional proactive measures that address a range of related challenges.
The ISO/IEC 27050 series addresses these challenges by:
— promoting common understanding of various concepts and terminology for electronic discovery;
— articulating objectives and risks inherent in the steps in the electronic discovery process;
— encouraging practical and cost-effective discovery by those tasked with managing ESI through the
process;
— providing guidance and best practices for those responsible for delivering electronic discovery
projects (e.g. legal practitioners, services providers, independent experts, courts, and any other
parties engaged in the process);
— identifying competency areas for those involved in electronic discovery;
— promoting the proactive use of technology to reduce costs and risks, while increasing efficiencies
throughout the discovery process;
— suggesting ways to avoid inadvertent disclosures of potentially privileged, confidential, or
sensitive ESI.
The overriding objective is to help organizations meet their electronic discovery goals (e.g. legal
obligations, business objectives, regulatory requirements).
While this document has been written with larger electronic discovery projects in mind, and therefore
covers aspects encountered in the majority of matters, it is not necessarily the case that all steps are
required or proportionate to every matter. For example, in small matters, it is possible that a single
person manages and completes every aspect of the project, whereas larger matters can warrant the use
of separate individuals or even teams for each element of the electronic discovery project.
6 Technical readiness
Technical readiness means having the knowledge, skills, processes and technologies needed to address
a particular issue or challenge. For an organization, this does not mean that it is all-knowing and able to
do everything, but rather it is fit for purpose and ready for the task at hand, including any contingency
that can occur.
Within the context of electronic discovery, technical readiness means an organization is well positioned
to address the tasks associated with the appropriate electronic discovery process elements. This
readiness is also dependent on the type of organization (e.g. legal versus records management) as
well as the role the organization plays in the electronic discovery process (e.g. producing party versus
receiving party).
The electronic discovery readiness objectives can include the following:
— comply with confidentiality, data privacy and other restrictions on data access, use, handling or
transfer imposed by applicable laws, regulations, rules and expectations;
— identify potentially relevant sources of ESI;
— properly preserve and retain potentially relevant ESI;
— produce responsive ESI in a form that is useable by the requesting party;
— conduct the electronic discovery process within the time constraints.
Technical readiness in the context of electronic discovery should be based on the information
architecture, business processes, and data classification and retention policies of the organization.
Technical readiness is the achievement of the appropriate level of capability by an organization in
order for it to be able to identify, preserve, collect, process, review, analyse and produce ESI. It is also
important that the ESI is protected (for example, through backup, business continuity management, or security) and
organized so that this material can be used effectively.
Technical readiness implies a proactive effort to better address electronic discovery projects in the
future. This effort can require ESI to be organized, participants to be properly trained, protocols to be
developed and data retention and disposal practices to be formalized.
This should form part of the electronic discovery plan (see ISO/IEC 27050-2:2018, 6.5).
7 Readiness for electronic discovery
7.1 ESI identification
7.1.1 General
ISO/IEC 27050-3:2020, 6.2, provides both requirements and guidance for ESI identification. Of these,
the following can benefit from readiness or proactive activities:
— basic planning associated with determining who executes ESI identification and how it is expected
to be performed;
— understanding the organization's ESI landscape, including operational aspects that could impact
preservation;
— development of standard templates for interview questions and survey forms;

— creating a list or inventory of systems, or possibly a data map, to provide a centralized listing of what
types of ESI the organization has and where it is stored;
— understanding the implications associated with issuing legal holds or preservation orders.
7.1.2 ESI landscape
ISO/IEC 27050-1:2019, Clause 7, provides useful information on the common types of ESI, common
sources of ESI, ESI representations and non-ESI as part of the electronic discovery process. This
information, when combined with the matter specific requirements, can serve as a useful starting point
in identifying potential sources of relevant ESI. These sources can include business units, people, ICT
systems and hardcopy.
Identification should be as thorough and comprehensive as possible. The scope of ESI potentially
subject to preservation and disclosure can be uncertain in the early phases of a matter. The nature of
the matter itself and the individuals involved can change as the matter progresses. The identification
team should anticipate change and have a procedure in place for capturing any newly identified ESI.
Identification requires diligent investigation and analytical thinking.
7.1.3 Data map
A data map is a comprehensive and defensible inventory of an organization’s ICT systems that store ESI.
It is important to create a data map to provide a centralized listing of which types of ESI exist within
the organization (see ISO/IEC 27050-3:2020, 6.2.5). It should also include details of the specific locations
of data sets, and can include the route data takes when in transit alongside, for example, who has control
over a mailbox, where the servers sit, and any hardcopy material requirements.
This data map should be designed and managed with the assistance of ICT personnel and should
identify all relevant policies (e.g. retention policy, preservation policy, BCM policy) applicable to each
item of ESI. Ideally, the data map can also include the locations of hardcopy material. Resources should
be assigned to the task and ongoing responsibility of creating and managing the data map.
After the triggering event, the electronic discovery team can use the data map to identify where the
relevant material is stored (ESI map).
The ESI map can provide sufficient detail around what data repositories are potentially discoverable
and how the data within them can be produced to help inform decisions
...
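
A data map as described in 7.1.3 can be held as structured records and filtered into a matter-specific ESI map after a triggering event. The following Python code is an added example, not part of ISO/IEC 27050-4; the field names, the "*" marker for organization-wide systems and all sample records are assumptions constructed for illustration.

```python
"""Data map inventory and matter-specific ESI map (illustrative example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Policy kinds named in 7.1.3 (retention, preservation, BCM).
# The dictionary keys used for them here are an assumption of this example.
REQUIRED_POLICIES = ("retention", "preservation", "bcm")


@dataclass
class DataMapEntry:
    system: str                     # ICT system that stores ESI
    esi_types: Set[str]             # types of ESI held in the system
    location: str                   # where the data set / servers sit
    controller: str                 # who has control over the system
    custodians: Set[str]            # people whose ESI it holds; "*" = organization-wide
    policies: Dict[str, str] = field(default_factory=dict)  # policy kind -> policy reference
    hardcopy_location: Optional[str] = None                 # related hardcopy material, if any


def policy_gaps(data_map: List[DataMapEntry]) -> Dict[str, List[str]]:
    """Return {system: [policy kinds with no reference recorded]}."""
    gaps = {}
    for entry in data_map:
        missing = [p for p in REQUIRED_POLICIES if not entry.policies.get(p)]
        if missing:
            gaps[entry.system] = missing
    return gaps


def build_esi_map(data_map: List[DataMapEntry],
                  custodians: List[str],
                  esi_types: List[str]) -> List[dict]:
    """Select the data map entries relevant to a matter.

    An entry is relevant when it holds at least one requested ESI type and
    either lists a requested custodian or is organization-wide ("*").
    Matching is case-insensitive. Policy gaps are carried into the result so
    the team sees where preservation cannot rely on a documented policy.
    """
    wanted_custodians = {c.lower() for c in custodians}
    wanted_types = {t.lower() for t in esi_types}
    gaps = policy_gaps(data_map)
    esi_map = []
    for entry in data_map:
        if "*" in entry.custodians:
            hit_custodians = sorted(wanted_custodians)
        else:
            hit_custodians = sorted(
                c for c in entry.custodians if c.lower() in wanted_custodians)
        hit_types = sorted(t for t in entry.esi_types if t.lower() in wanted_types)
        if not hit_custodians or not hit_types:
            continue
        esi_map.append({
            "system": entry.system,
            "location": entry.location,
            "controller": entry.controller,
            "custodians": hit_custodians,
            "esi_types": hit_types,
            "policies": dict(entry.policies),
            "missing_policies": gaps.get(entry.system, []),
            "hardcopy_location": entry.hardcopy_location,
        })
    return sorted(esi_map, key=lambda row: row["system"])


# Constructed sample data map (not taken from any real organization).
DATA_MAP = [
    DataMapEntry("mail-exchange", {"email", "calendar"},
                 "on-premises, datacentre A", "ICT messaging team",
                 {"a.jones", "b.smith"},
                 {"retention": "RET-EMAIL-7Y", "preservation": "PRES-01",
                  "bcm": "BCM-TIER1"}),
    DataMapEntry("hr-saas", {"personnel records"},
                 "SaaS provider, EU region", "HR operations", {"*"},
                 {"retention": "RET-HR-10Y"}),
    DataMapEntry("file-share-legal", {"documents", "email"},
                 "on-premises, datacentre B", "Legal ICT", {"b.smith"},
                 {"retention": "RET-DOC-5Y", "preservation": "PRES-01"},
                 hardcopy_location="Archive room 2"),
    DataMapEntry("pbx-voicemail", {"voicemail"},
                 "on-premises PBX", "Facilities", {"*"}),
]

if __name__ == "__main__":
    for row in build_esi_map(DATA_MAP, ["B.Smith"], ["email", "voicemail"]):
        print(row["system"], row["location"], row["missing_policies"])
```
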

FINAL DRAFT INTERNATIONAL STANDARD ISO/IEC FDIS 27050-4
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2021-01-27
Voting terminates on: 2021-03-24
Information technology — Electronic discovery — Part 4: Technical readiness
Reference number ISO/IEC FDIS 27050-4:2021(E)
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
© ISO/IEC 2021

---------------------- Page: 1 ----------------------
ISO/IEC FDIS 27050-4:2021(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2021 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC FDIS 27050-4:2021(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 2
5 Electronic discovery background . 2
6 Technical readiness . 4
7 Readiness for electronic discovery. 4
7.1 ESI identification . 4
7.1.1 General. 4
7.1.2 ESI landscape . 5
7.1.3 Data map . 5
7.1.4 Data classification . 5
7.1.5 Proactive ESI identification . 6
7.2 ESI preservation . 6
7.2.1 General. 6
7.2.2 Assessing preservation needs . 6
7.2.3 Preservation obligations . 6
7.2.4 Hold/preservation notices . 6
7.2.5 Proactive ESI preservation . 7
7.3 ESI collection . 7
7.3.1 General. 7
7.3.2 Methods of ESI collection . 7
7.3.3 Proactive ESI collection . 7
7.4 ESI processing . 8
7.4.1 General. 8
7.4.2 Tools for ESI processing . . 8
7.4.3 Reduction of ESI . 8
7.4.4 Proactive ESI processing . 8
7.5 ESI review . 9
7.5.1 General. 9
7.5.2 Technology-assisted review . 9
7.5.3 Proactive ESI review . 9
7.6 ESI analysis . 9
7.6.1 General. 9
7.6.2 Tools and tasks for ESI analysis . 9
7.6.3 Proactive ESI analysis .10
7.7 ESI production .10
7.7.1 General.10
7.7.2 Producing parties .10
7.7.3 Receiving parties.11
7.7.4 Proactive ESI production .11
8 Additional considerations .11
8.1 General .11
8.2 Privacy and data protection .11
8.3 Long-term retention of ESI .12
8.3.1 Retention and preservation .12
8.3.2 General data retention .12
8.3.3 Archive .13
8.4 Destruction of ESI .14
© ISO/IEC 2021 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC FDIS 27050-4:2021(E)

8.5 Business continuity management .15
9 Electronic discovery cross-cutting aspects .16
9.1 General .16
9.2 Planning .16
9.2.1 Configuration and preparation .16
9.2.2 Budgeting and cost control .16
9.2.3 Monitoring and reassessment .17
9.2.4 End of project considerations .17
9.3 Documentation .17
9.4 Expertise . .17
9.4.1 Support and maintenance .17
9.4.2 Assembling the team .17
9.4.3 Competency and training .19
9.4.4 Stakeholder engagement .19
9.5 Use of technology .19
9.5.1 Platform selection/system architecture .19
9.5.2 Retiral or migration of systems .19
Annex A (informative) ESI storage questionnaire .21
Bibliography .29
iv © ISO/IEC 2021 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC FDIS 27050-4:2021(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, Information security, cybersecurity and privacy protection.
A list of all parts in the ISO/IEC 27050 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO/IEC 2021 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC FDIS 27050-4:2021(E)

Introduction
Electronic discovery can expose organizations and their stakeholders within and outside those
organizations to collective and individual risks, including legal, financial and ethical.
This document is to be read in relation to ISO/IEC 27050-1, ISO/IEC 27050-2, and ISO/IEC 27050-3.
Electronic discovery often serves as a driver for investigations as well as evidence acquisition
and handling activities (covered in ISO/IEC 27037). In addition, the sensitivity and criticality of the
electronically stored information (ESI) sometime necessitate protections like storage security to guard
against data breaches (covered in ISO/IEC 27040).
vi © ISO/IEC 2021 – All rights reserved

---------------------- Page: 6 ----------------------
FINAL DRAFT INTERNATIONAL STANDARD ISO/IEC FDIS 27050-4:2021(E)
Information technology — Electronic discovery —
Part 4:
Technical readiness
1 Scope
This document provides guidance on the ways an organization can plan and prepare for, and implement,
electronic discovery from the perspective of both technology and processes. This document provides
guidance on proactive measures that can help enable effective and appropriate electronic discovery
and processes.
This document is relevant to both non-technical and technical personnel involved in some or all of the
electronic discovery activities.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 22123-1, Information technology — Cloud computing — Vocabulary
ISO/IEC 27000, Information technology — Security techniques — Information security management
systems — Overview and vocabulary
ISO/IEC 27050-1:2019, Information technology — Electronic discovery — Part 1: Overview and concepts
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 27000, ISO/IEC 27050-1,
and ISO/IEC 22123-1 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http:// www .iso .org .obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
compliance obligations
legal requirements and other requirements
legal requirements that an organization has to comply with and other requirements that an organization
has to or chooses to comply with
Note 1 to entry: Compliance obligations can arise from mandatory requirements, such as applicable laws and
regulations, or voluntary commitments, such as organizational and industry standards, contractual relationships,
codes of practice and agreements with community groups or non-governmental organizations.
[SOURCE: ISO 14001:2015, 3.2.9, modified — Note 1 to entry has been removed and Note 2 to entry
renumbered.]
© ISO/IEC 2021 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/IEC FDIS 27050-4:2021(E)

3.2
technical readiness
state of having the knowledge, skills, processes and technologies needed to address a particular issue
or challenge
4 Symbols and abbreviated terms
BCM business continuity management
CCTV closed-circuit television
ESI electronically stored information
ICT information and communication technology
PBX private branch exchange
PII personally identifiable information
RIM records and information management
SaaS software as a service
TAR technology-assisted review
VPN virtual private network
WORM write once read many
5 Electronic discovery background
Electronic discovery is an element of traditional discovery or disclosure and it is a process that
typically involves identifying, preserving, collecting, processing, reviewing, analysing and producing
electronically stored information (ESI) that can be potentially relevant to a particular matter. The
requirements and recommendations provided in this document are in accordance with the electronic
discovery concepts described in :
— ISO/IEC 27050-1:2019, Clause 3: key electronic discovery terminology;
— ISO/IEC 27050-1:2019, 6.2: electronic discovery issues and primary cost drivers;
— ISO/IEC 27050-1:2019, 6.3: general electronic discovery objectives;
— ISO/IEC 27050-1:2019, Clause 7: common ESI types, common sources, and representations;
— ISO/IEC 27050-1:2019, Clause 8: description of the electronic discovery process and the process
elements.
ISO/IEC 27050-1 differentiates between generic actions such as "identifying" from the specific electronic
discovery process elements by preceding the names with "ESI" (e.g. ESI identification). Likewise, this
document follows this approach. Figure 1, repeated from ISO/IEC 27050-1:2019, shows all the electronic
discovery process elements and the interrelationships between them (see ISO/IEC 27050-1:2019, 8.1,
for a full description).
2 © ISO/IEC 2021 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC FDIS 27050-4:2021(E)

Figure 1 — Electronic discovery process elements
ISO/IEC 27050-2 provides guidance for decision makers and those holding responsible roles to ensure
that causes of failure are properly managed and, where possible, minimized while still complying
with policy and conformance requirements to enable effective and appropriate electronic discovery
and processes. ISO/IEC 27050-3 provides requirements and guidance associated with the electronic
discovery process elements shown in Figure 1. While the guidance and requirements provided in
ISO/IEC 27050-2 and ISO/IEC 27050-3 cover key aspects of electronic discovery, organizations can
benefit from additional proactive measures that address a range of related challenges.
The ISO/IEC 27050 series addresses these challenges by:
— promoting common understanding of various concepts and terminology for electronic discovery;
— articulating objectives and risks inherent in the steps in the electronic discovery process;
— encouraging practical and cost-effective discovery by those tasked with managing ESI through the
process;
— providing guidance and best practices for those responsible for delivering electronic discovery
projects (e.g. legal practitioners, services providers, independent experts, courts, and any other
parties engaged in the process);
— identifying competency areas for those involved in electronic discovery;
— promoting the proactive use of technology to reduce costs and risks, while increasing efficiencies
throughout the discovery process;
— suggesting ways to avoid inadvertent disclosures of potentially privileged, confidential, or
sensitive ESI.
The overriding objective is to help organizations meet their electronic discovery goals (e.g. legal
obligations, business objectives, regulatory requirements).
While this document has been written with larger electronic discovery projects in mind, and therefore
covers aspects encountered in the majority of matters, it is not necessarily the case that all steps are
required or proportionate to every matter. For example, in small matters, it is possible that a single
person manages and completes every aspect of the project, whereas larger matters can warrant the use
of separate individuals or even teams for each element of the electronic discovery project.
6 Technical readiness
Technical readiness means having the knowledge, skills, processes and technologies needed to address
a particular issue or challenge. For an organization, this does not mean that it is all-knowing and able to
do everything, but rather it is fit for purpose and ready for the task at hand, including any contingency
that can occur.
Within the context of electronic discovery, technical readiness means an organization is well positioned
to address the tasks associated with the appropriate electronic discovery process elements. This
readiness is also dependent on the type of organization (e.g. legal versus records management) as
well as the role the organization plays in the electronic discovery process (e.g. producing party versus
receiving party).
The electronic discovery readiness objectives can include the following:
— comply with confidentiality, data privacy and other restrictions on data access, use, handling or
transfer imposed by applicable laws, regulations, rules and expectations;
— identify potentially relevant sources of ESI;
— properly preserve and retain potentially relevant ESI;
— produce responsive ESI in a form that is useable by the requesting party;
— conduct the electronic discovery process within the time constraints.
Technical readiness in the context of electronic discovery should be based on the information
architecture, business processes, and data classification and retention policies of the organization.
Technical readiness is the achievement of the appropriate level of capability by an organization in
order for it to be able to identify, preserve, collect, process, review, analyse and produce ESI. It is also
important that the ESI is protected (for example, backup, business continuity management, or security) and
organized so that this material can be used effectively.
Technical readiness implies a proactive effort to better address electronic discovery projects in the
future. This effort can require ESI to be organized, participants to be properly trained, protocols to be
developed and data retention and disposal practices to be formalized.
This should form part of the electronic discovery plan (see ISO/IEC 27050-2:2018, 6.5).
7 Readiness for electronic discovery
7.1 ESI identification
7.1.1 General
ISO/IEC 27050-3:2020, 6.2, provides both requirements and guidance for ESI identification. Of these,
the following can benefit from readiness or proactive activities:
— basic planning associated with determining who executes ESI identification and how it is expected
to be performed;
— understanding the organization's ESI landscape, including operational aspects that could impact
preservation;
— development of standard templates for interview questions and survey forms;
— creation of a list or inventory of systems, or possibly a data map, to provide a centralized listing
of what types of ESI the organization has and where it is stored;
— understanding the implications associated with issuing legal holds or preservation orders.
7.1.2 ESI landscape
ISO/IEC 27050-1:2019, Clause 7, provides useful information on the common types of ESI, common
sources of ESI, ESI representations and non-ESI as part of the electronic discovery process. This
information, when combined with the matter specific requirements, can serve as a useful starting point
in identifying potential sources of relevant ESI. These sources can include business units, people, ICT
systems and hardcopy.
Identification should be as thorough and comprehensive as possible. The scope of ESI potentially
subject to preservation and disclosure can be uncertain in the early phases of a matter. The nature of
the matter itself and the individuals involved can change as the matter progresses. The identification
team should anticipate change and have a procedure in place for capturing any newly identified ESI.
Identification requires diligent investigation and analytical thinking.
7.1.3 Data map
A data map is a comprehensive and defensible inventory of an organization’s ICT systems that store ESI.
It is important to create a data map to provide a centralized listing of which types of ESI exist within
the organization (see ISO/IEC 27050-3:2020, 6.2.5). This should also include details of specific locations
of data sets and can include the route data takes when in transit alongside, for example, who has control
over a mailbox and where the servers sit, including any hardcopy material requirements.
This data map should be designed and managed with the assistance of ICT personnel and should
identify all relevant policies (e.g. retention policy, preserv
...
