Category Archives: Best Practices

January 27, 2021 · 10:28 AM

Architecting a New Paradigm in Legal Governance

By Michael Rasmussen

Editor’s note: Today we are featuring a guest blog post from Michael Rasmussen, the GRC Pundit & Analyst at GRC 20/20 Research, LLC.

Exponential growth and change in business strategy, risks, regulations, globalization, distributed operations, competitive velocity, technology, and business data encumbers organizations of all sizes. Gone are the years of simplicity in business operations.

Managing the complexity of business from a legal and privacy perspective, governing information that is pervasive throughout the organization, and keeping continuous business and legal change in sync is a significant challenge for boards, executives, as well as the legal professionals in the legal department. Organizations need an integrated strategy, process, information, and technology architecture to govern legal, meet legal commitments, and manage legal uncertainty and risk in a way that is efficient, effective, and agile and extends into the broader enterprise GRC architecture.

In my previous blog, Operationalizing GRC in Context of Legal & Privacy: The Last Mile of GRC, I began this discussion, and here I aim to expound on it further from a legal context.

Legal today is more than legal matters, actions, and contracts. Today’s legal organization has to respond to incident/breach reporting and notification laws in a timely and compliant manner, respond to Data Subject Access Requests (DSAR), harmonize and monitor retentions obligations, conduct eDiscovery, manage legal holds on data, and continuously monitor regulations and legislation and apply them to a business context.

In today’s global business environment, a broad spectrum of economic, political, social, legal, and regulatory changes are continually bombarding the organization. The organization continues to see exponential growth of regulatory requirements and legal obligations (often conflicting and overlapping) that must be met, which multiply as the organization expands global operations, products, and services. This requires an integrated approach to legal governance, risk management, and compliance (GRC) with a goal to reliably achieve objectives while addressing uncertainty and act with integrity.[1] This includes adherence to mandatory legal requirements and voluntary organizational values and the boundaries each organization establishes. The legal department, with responsibility for understanding matter management, issue identification, investigations, policy management, reporting and filing, legal risk, and the regulatory obligations faced by the organization, is a critical player in GRC (what is understood as Enterprise or Integrated GRC), as well as improving GRC within the legal function itself.

A successful legal management information architecture will be able to connect information across risk management and business systems. This requires a robust and adaptable legal information architecture that can model the complexity of legal information, discovery, transactions, interactions, relationship, cause and effect, and the analysis of information, which can integrate and manage a range of business systems and external data. Key to this information architecture is a clear data inventory and map of information that informs the organization of what data it has, who in the organization owns it, what regulatory retention obligations are attached to it, and what third parties have access to it. This is a fundamental requirement for applying process and effectively operationalizing an organization’s GRC activities, as detailed in the previous blog.

There can and should be an integrated technology architecture that extends GRC technology and operationalizes it in a legal and privacy context. This connects the fabric of the legal processes, information, discovery, and other technologies together across the organization. This is a hub of operationalizing GRC and requires that it be able to integrate and connect with a variety of other business systems, such as specialized legal discovery solutions and integrate with broader enterprise GRC technology.

The right technology architecture choice for an organization involves the integration of several components into a core enterprise GRC and Legal GRC architecture – which can facilitate the integration and correlation of legal information, discovery, analytics, and reporting. Organizations suffer when they take a myopic view of GRC technology that fails to connect all the dots and provide context to discovery, business analytics, objectives, and strategy in the real-time that a business operates in. 

Extending and operationalizing GRC processes and technology in context of legal and privacy enables the organization to use its resources wisely to prevent undesirable outcomes and maximize advantages while striving to achieve its objectives. A key focus is to provide legal assurance that processes are designed to mitigate the most significant legal issues and are operating as designed. Effective management of legal risk and exposure is critical to the board and executive management, who need a reliable way to provide assurance to stakeholders that the enterprise plans to both preserve and create value. Mature GRC enables the organization to weigh multiple inputs from both internal and external contexts and use a variety of methods to analyze legal risk and provide analytics and modeling.

[1] This is the OCEG definition of GRC.

Leave a comment

Filed under Best Practices, CaCPA, eDiscovery & Compliance, GDPR, Information Governance, Information Management, Uncategorized

December 22, 2020 · 11:14 AM

Operationalizing GRC in Context of Legal & Privacy: The Last Mile of GRC

By Michael Rasmussen

Editor’s note: Today we are featuring a guest blog post from Michael Rasmussen, the GRC Pundit & Analyst at GRC 20/20 Research, LLC.

At its core, GRC is the capability to reliably achieve objectives [GOVERNANCE], address uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE]. GRC is something organizations do, not something they purchase. They govern, they manage risk, and they comply with obligations. However, there is technology to enable GRC related processes, such as legal and privacy, to be more efficient, effective, and agile.

However, too often the focus on GRC technology is limited to the process management of forms, workflow, tasks, and reporting. These are critical and important elements, but the role of technology for GRC is so much broader to operationalize GRC activities that are labor intensive, particularly in the context of legal and privacy. Simply managing forms, workflow, and tasks are no longer enough. Organizations need to start thinking how they can integrate eDiscovery and data/information governance solutions within their core GRC architecture.

What is needed is the ability to search, find, monitor, interact, and control data throughout the business environment. GRC platforms are excellent at managing forms, workflow, tasks, analytics, and reporting. But behind the scenes there are still labor-intensive tasks or disconnected solutions that actually find, control, and assess the disposition of sensitive data in the enterprise. eDiscovery and information governance solutions have been disconnected and not strategically leveraged for GRC purposes. Together, the core GRC platform that integrates with eDiscovery and information governance technologies builds exponential economies in efficiency, effectiveness, and agility.

Specifically, an integrated GRC solution that weds the core GRC platform with eDiscovery and information governance technology delivers full value to an organization that:

  • Discovers the attributes and metadata of data no matter where it lives within the environment as a key component of GRC processes for legal and privacy compliance.
  • Enables 360° awareness to assessments by discovering the information needed to conduct and deliver assessments effectively into the core GRC platform.
  • Delivers a centralized console to interact with data/information and metadata of files on devices across the organization (such as network file shares, OneDrive, and Dropbox data).
  • Automates the ability to interact with downstream endpoints/systems to provide the ability to search the content of records for keywords and perform analysis using regular expressions and classifiers.
  • Controls data wherever it is with the ability to get to the data and analyze it from a centralized console.

An integrated approach that brings together the core GRC platform with eDiscovery and information governance technology enables the organization to discover, manage, monitor, and control data right from the central GRC platform console. It enables the organization to get centralized and accessible insight into where sensitive information is, how it is being used, and what can be done with it.

  • For example. Within the GRC platform I can initiate a search based on key words or patterns (e.g., social security number). The eDiscovery/information governance solution then finds where that information is throughout the enterprise and delivers a list of records back to the GRC platform for analysis and monitoring.

This enables an integrated GRC architecture that brings 360° contextual awareness into information across the enterprise. It delivers enhanced efficiency in time saved and money saved chasing information through disconnected solutions and processes, it provides greater effectiveness through insight and control of information and enables greater agility across a dynamic environment to be responsive to issues of information governance. Together, a GRC platform with eDiscovery/information governance capabilities enables and delivers more complete and accurate data governance and privacy assessments, integrated findings, with the ability to manage remediation tasks from one central place.

Leave a comment

Filed under Best Practices, CaCPA, Data Audit, eDiscovery & Compliance, GDPR, Information Governance, Information Management

December 9, 2020 · 10:44 AM

Traditional eDiscovery Processing is Now Obsolete

By John Patzakis

eDiscovery can be a very expensive process and time consuming when traditional methods are employed. With legacy processes, from the time ESI collection starts, it often takes weeks for the data to finally end up in review. Time is money, and this dramatically increases costs as well as risk.

ESI processing is a dedicated and often expensive step in the EDRM workflow. The majority of ESI processing consists of data culling and filtering, deduplication, text extraction, metadata preservation, and then staging the data for upload into a review platform, often in the form of a load (DAT) file.  Using ESI processing methods that involve on-premise hardware appliances that are not integrated with the collection process and do not integrate with review platforms like Relativity significantly increase cost and time delays. This means practitioners have to spend the often several weeks that are required by other cumbersome solutions through manual collections and multiple hand-offs.

However, the latest in collection technologies will now combine targeted collection with these processing steps that are performed “on the fly” and in the background so that the data is automatically collected, processed and uploaded into a review platform such as Relativity in one fell swoop.

The graphic below is an illustration contrasting the challenges associated with traditional eDiscovery processes, with the far more efficient new paradigm. When you engage in manual collection, and then manual on-premise hardware-based processing, and finally manual upload to review, you are extending the process by often weeks, you are dramatically increasing cost and risk with many manual data handoffs.

Providing a contrast to traditional methods, a recent Relativity webinar featured the integration of the X1 Distributed Discovery platform with its RelativityOne Collect solution. A live demonstration performed by Relativity Product Manager Greg Evans highlighted in real time how the integration dramatically improves the enterprise eDiscovery process by enabling a targeted and efficient search and collection process, with full and integrated ESI processing. Within minutes, data collected from endpoints with X1 is populated straight into a Relativity workspace, fully processed and ready for review, without any human interaction once the collection is started.

So in terms of the big picture, this X1/Relativity integration not only streamlines enterprise ESI collection, but it relegates ESI processing to a completely automated background function as an afterthought. That’s what disruption looks like.

A recording of the X1/Relativity integration webinar can be accessed here.

Leave a comment

Filed under Best Practices, collection, eDiscovery, Enterprise eDiscovery, ESI, Uncategorized

December 1, 2020 · 9:53 AM

Relativity Highlights Its X1 Integration for ESI Collection

By John Patzakis

Recently, Relativity hosted a live webinar featuring the integration of the X1 Distributed Discovery platform with its RelativityOne Collect solution. This X1/Relativity integration enables game-changing efficiencies in the eDiscovery process by accelerating speed to review, and providing an end-to-end process from identification through production. As stated by Relativity Chief Product Officer Chris Brown: “Our exciting new partnership with X1 highlights our continued commitment to providing a streamlined user experience from collection to production…RelativityOne users will be able to combine X1’s innovative endpoint technology with the performance of our SaaS platform, eliminating the cumbersome process of manual data hand-offs and allowing them to get to the pertinent data in their case – faster.”

The webinar featured a live demonstration showing X1 quickly collecting data across multiple custodians and seamlessly importing that data into RelativityOne in minutes. Relativity Collect currently supports Office 365 and Slack sources, and Relativity Product Manager Greg Evans noted that “this X1 integration will now enable Relativity Collect to also reach emails and files on laptops, servers,” and other network sources. The webinar outlined how the Relativity/X1 integration streamlines eDiscovery processes by collapsing the many hand-offs built into current EDRM workflows to provide greater speed and defensibility. Evans also said that new normal of web-enabled collections of remote custodians and data sources was a major driver for the Relativity/X1 alliance, as “remote collections now represent 90 percent of all eDiscovery collections happening right now.”

Adam Rogers, of Complete Discovery Source, a customer of both X1 and RelativityOne, highlighted a recent major multi-national litigation where the X1 and Relativity integration was critical to the success of the project. Adam noted that the effort would have taken about 30 days utilizing traditional methods, “but with this X1 and Relativity integration, we cut it down to 3 days, because with X1, we were able to index everything in-place, search, analyze and categorize that data right away, and then release that data to Relativity for review.”

The live demonstration performed by Greg Evans highlighted in real time how the integration improves the enterprise eDiscovery collection and ECA process by enabling a targeted and efficient search and collection process, with immediate pre-collection visibility into custodial data. X1 Distributed Discovery enhances the eDiscovery workflow with integrated culling and deduplication, thereby eliminating the need for expensive and cumbersome electronically stored information (ESI) processing tools. That way, the ESI can be populated straight into Relativity from an X1 collection.

The X1 and Relativity integration addresses several pain points in the existing eDiscovery process. For one, there is currently an inability to quickly and remotely search across and access distributed unstructured data in-place, meaning eDiscovery teams have to spend weeks or even months to collect data as required by other cumbersome solutions. Additionally, using ESI processing methods that involve appliances that are not integrated with the collection will significantly increase cost and time delays.

So in terms of the big picture, with this integration providing a complete platform for efficient data search, eDiscovery and review across the enterprise, organizations will save a lot of time, save a lot of money, and be able to make faster and better decisions. When you accelerate the speed to review and eliminate over-collection, you are going to have much better early insight into your data and increase efficiencies on many levels.

A recording of the X1/Relativity integration webinar can be accessed here.

Leave a comment

Filed under Best Practices, collection, ECA, eDiscovery, Enterprise eDiscovery, ESI

September 15, 2020 · 12:20 PM

Windows Can’t Find My OneDrive Files

By Bruce Berls
(originally published August 20, 2020)

Editor’s note: Today we are featuring a guest blog post from Bruce Berls, an independent IT Consultant and Office 365 expert. He is the CEO of Bruceb Consulting. www.bruceb.com

Windows Search has a problem with my OneDrive files. It can’t find them. I’ve gone back to using X1 Search, which indexes and searches everything, including OneDrive files, with grace and dignity.

Microsoft doesn’t think it’s enough to just search your files. Microsoft has a vision of grand unified searches that return results from your own files and email, plus results from a wide variety of other places – the web, company documents, other people’s calendars, the contents of books you intend to read but haven’t gotten to yet, your senior thesis, decoded World War II messages, maybe more. Basically when you do a search, Microsoft will check the entire output of Western civilization and use smart AI to show you search results that are exactly what you want, whether you want them or not.

There have been lots of steps backwards in Windows Search in 2020. The search window that comes up from the taskbar is cluttered and hard to use. The search bar in Outlook has been moved to a less convenient place and produces a freakishly huge box with too many options. Searches are no longer done as you type. There are bugs a-plenty.

Microsoft has never acknowledged it – which is strange – but it appears that Microsoft’s quest for bigger and better searches caused it to completely rewrite Windows Search for Windows 10 version 1909, released in November 2019. An important change: Microsoft announced that Windows Search would integrate search results from OneDrive right in File Explorer.

It’s not going well. I can’t find any OneDrive files when I do a search in Windows.

I’ve done searches starting in different places in File Explorer – starting in Quick Access, starting in the root OneDrive for Business folder, starting in OneDrive subfolders. I’ve done searches for file names and for words known to be in the text of Office documents. The search results are wildly inconsistent.

If I’m missing something, I’d really like to find out what it is. But if this is just broken, it’s inexcusable. Businesses large and small should be howling for a functional OneDrive search capability. Have we become so used to Windows failures that everyone just shrugs and accepts them?

If you’re serious about search, look at X1 Search. X1 Search indexes files on your computer, files on the network, and everything in Outlook, and does lightning-fast searches for words in them. Two years ago I wrote an article explaining why you might want to spend $96.00 on X1 Search because of its many advantages over Windows Search – lightning-fast searches, unified search across all sources, easy ways to filter search results, file viewers to preview search results, flexible ways to work with items once they’re found, and more.

Today there’s another reason, and it’s the best one yet. X1 Search connects to OneDrive and does the same instantaneous full-text searches on files stored online. As near as I can tell, X1 Search obtains a full-text index from OneDrive when it’s first connected and stores it locally on your hard drive. I can use X1 Search to locate files when I’m offline. When you’re online, X1 Search gets file previews on the fly when you highlight a search result.

That’s exactly what Microsoft promised but failed to deliver in Windows Search.

Leave a comment

Filed under Best Practices, Desktop Search, OneDrive, productivity, Uncategorized, X1 Search 8

Tagged as