Litigation support services and eDiscovery tools must be handled by experienced professionals to create a solution that is both efficient and cost-effective. The problem is, unless you're an expert yourself, it’s difficult to know exactly what questions you should be asking in order to determine whether your vendor is qualified for your case. Here are ten questions to ask before committing to your next vendor contract.
1. Does your litigation support services vendor provide an end-to-end approach?
Your provider should cover every phase of EDRM in order to present an integrated approach, which will maximize efficiency while minimizing overall cost. An end-to-end approach will also allow separate teams to work better together while implementing a cohesive strategy from the outset.
2. What is the collection methodology?
Gathered evidence must be forensically sound while remaining within your eDiscovery budget. Data should be preserved and presented using standards that meet any potential evidentiary requirements, ensuring that no data is lost or corrupted in the process.
3. Is additional support and consultation available?
Your eDiscovery provider should deliver a strategy which is measurable and trackable. However, they should also adapt their methods to the needs of the case. Can they provide expert testimony if needed? Can they deliver strategic advice before beginning any forensic collection efforts in order to facilitate the process?
4. Can your vendor handle multiple formats?
It’s highly unlikely that your data collection will all be in one file type. They may not even be in compatible formats. Your vendor needs to be prepared to handle multiple data formats at once, including images, and also be able to export that data in whichever format is most appropriate.
5. Does your vendor offer robust search capabilities?
Really, storing the data is secondary to being able to find what you need, when you need it. If you can’t locate a key piece of evidence, it can affect the outcome of your case. Your vendor must absolutely offer extensive search functionality along with data storage and retrieval.
6. Is the data secure?
Whatever information is gathered during the discovery process must be kept totally secure, which will fall under the responsibility of your managed services provider. Be sure to ask questions about their security protocols, so you understand what measures are taken to ensure the integrity of your digital evidence.
7. How accessible is your information?
Will you have access to any eDiscovery you may need whenever you need it – including non-standard business hours? Can the data only be accessed through the provider?
8. How involved is your vendor throughout the process?
Are the services they offer only partial or comprehensive? Do they provide document review services, and how well managed are those review services? Ideally, you want one vendor to handle everything, not have to shop around for different solutions from different firms.
9. Can your vendor provide 100 percent accountability?
Data capture and indexing are only part of the process. Vendors also have to prove defensibility should the need arise. One way of doing this is through index reconciliation reports, which will help account for any discrepancies.
10. What are their credentials?
Last but definitely not least, what is the knowledge base of your service provider team? Are they actually equipped to handle the cases you need them to handle? Are they knowledgeable about only technical issues related to eDiscovery, or do they also have a good grasp on the legalities involved? What level certification do they have? How deep is the technical team's bench? These are all critical.
It may be time-consuming to review all ten areas with potential service providers but given what's at stake in your case, it's better to be safe than sorry.
Company completes comprehensive professional audit of these standards, resulting in certification
Seattle, WA – July 31, 2012 – TERIS, a leading provider of eDiscovery and related litigation support and information governance solutions to corporations and law firms across the US and internationally, announced today that it recently completed a Type II Service Organization Control (SOC) 2 (or "SOC 2") examination relevant to security, availability, confidentiality, and privacy. As a result, TERIS is now one of the first eDiscovery litigation support service providers to receive such a report and certification.
The SOC 2 examination, conducted by an independent auditing firm, formally evaluated the design and operating effectiveness of TERIS’ processes, procedures, and controls for compliance with the criteria set forth in the American Institute of Certified Public Accountants Trust Services Principles and Criteria. This examination demonstrates that TERIS is compliant with the relevant criteria and that its clients are being served by an SOC 2 standard controlled facility.
The examination's completion has also provided TERIS with valuable insight into the people and procedures responsible for successful data center controls.
“By meeting this comprehensive and rigorous standard, TERIS is able to provide our clients with an even greater degree of confidence that their critical data and information is secure in our facilities,” said Kip Hauser, TERIS Chief Operating Officer.
Earlier this year, the SOC Type II reports replaced SAS 70 Type II audits as the benchmark compliance report for organizations impacted by regulations such as HIPAA, PCI, and SOX. The new standards required TERIS to complete and submit a written assessment of the operating effectiveness and suitability of its controls, which was analyzed and validated in person by the independent auditors.
The 2011 SSAE 16 SOC 2 Type II examination covers the entire organization and its information technology infrastructure environment and client-facing systems including: data center operations, database administration, storage management, server administration, support, system backup and disaster recovery processes, as well as network operations, system monitoring tools and processes, system security (both logical and physical), and common support processes applicable to all lines of business and customers of the company.
All of TERIS operate under the same standards and follow the established SSAE 16 SOC 2 guidelines, best practices, policies, and procedures to maintain compliance and certification.