In the D:Drive blog post " An International Standard on E-Discovery is Becoming a Reality", I introduced the development of an international standard for electronic discovery, "ISO/IEC 27050 – Information technology – Security techniques – Electronic discovery" ("ISO/IEC 27050"). ISO/IEC 27050 aims to put in place internationally-recognized standard procedures and practices for the stages of "e-discovery", the process of discovering pertinent Electronically Stored Information (ESI) by one or both parties involved in an investigation and any resulting actions.

ISO/IEC 27050 addresses activities in e-discovery, including identification, preservation, collection, processing, review, analysis, and production of ESI. While ISO/IEC 27050 is not intended to contradict or supersede local jurisdictional laws and regulations, it will likely impact multi-national organizations by bringing consistency to issues that span across international borders.

I am the expert advisor representing Canada with respect to the negotiation of the ISO/IEC 27050 and I am on the editing team, with a focus on Part 3, Code of practice for electronic discovery. My co-editor on Part 3 and the Project Editor of all parts of the standard is Eric Hibbard, who is a member of the US expert team with whom I negotiate international information security standards.

Eric Hibbard has written an excellent article, "Electronic Discovery Standardization," in which he describes the genesis and scope of the ISO/EIC 27050 project and explains the content of the working drafts.

As Mr. Hibbard describes in his article, ISO/IEC 27050 will be a four-part international standard addressing activities in e-discovery:

  1. Part 1: Overview and Concepts - Provides an overview of e-discovery, introducing relevant terminology, concepts, and processes. This Part is intended to be informative rather than normative.
  2. Part 2: Governance and Management - Targets C-level executives within organizations that may be confronted with e-discovery scenarios, which may or may not be legal in nature. This Part describes how such personnel can identify and take ownership of risks related to e-discovery, set policy relating to e-discovery and achieve compliance with external and internal requirements relating to e-discovery.
  3. Part 3: Code of Practice - This Part sets out the document that will contain the bulk of the guidance, and more importantly, the requirements, for practising e-discovery. Part 3 is expected to have the most impact on e-discovery because of the inclusion of requirements that can serve as the basis for conformance and ultimately certification of entities as being in compliance with internationally-recognized best practices.
  4. Part 4: ICT Readiness - Part 4 is intended to address the e-discovery technology issues. This Part takes the policies and management from Part 2, combines it with the guidance and requirements for the e-discovery processes and activities in Part 3, and provides guidance for the use of technology to make e-discovery more effective and efficient.

I am delighted that Mr. Hibbard, as well as the Ave Maria Law Review, have given me permission to republish this article for readers of the D: Drive.

The next round of face-to-face international meetings to discuss the development of ISO/IEC 27050 is scheduled for May 4-9, 2015, in Kuching, Malaysia, and the editing team has been hard at work preparing the drafts that will form the basis of those discussions.

Click here to read Mr. Hibbard's full article.

"Electronic Discovery Standardization" by Eric Hibbard was originally published in the Ave Maria Law Review, July 2014, Vol 12, Issue 2, p 313.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.