ISACA: Policy and technology key to reducing e-discovery risks


-Apply a consistent approach to e-discovery, giving the organisation time to evaluate and validate the information

-Establish information security controls - in line with the organisation's security policies - to protect information extracted.

-Conduct employee training and awareness

"An added bonus of creating an e-discovery programme is that it not only reduces risk related to litigation, but can also improve an organisation's compliance posture," said Kamal Dave, chief architect at Hewlett-Packard, who co-authored the Electronic Discovery whitepaper.

"It can also help control costs by eliminating a 'keep everything' mentality that exists when an organisation is unclear about the type of information to retain and how long to store it," said Dave.