“There has been much discussion in recent years about how well-established information security technologies (e.g., hash functions, cyberforensics) and policies mirror emerging approaches to electronic discovery practice, and so it comes as no surprise that the development of an eDiscovery standard represents a convergence with computer forensics, which has traditionally focused on information security,” said Steven W. Teppler, who chairs Kirk Pinkerton's information governance and electronic discovery practice.
The eDiscovery standard (ISO/IEC 27050) will be a guidance standard that addresses terminology, provides an overview of eDiscovery and ESI, and then addresses a range of technological and process challenges associated with eDiscovery (such as security and data handling), including identification, preservation, collection, processing, review, analysis and production of ESI.
The first working draft of the ISO/IEC 27050 is due early July, and meetings to gather input for ISO/IEC WD 27050 are also being scheduled. Contributions and comments on the working draft are due by mid-September, to be reviewed at a meeting in South Korea in October 2013.
“In the absence of a defined baseline for quality, in many Common Law jurisdictions such as Ireland, it has been left to industry professionals to drive standard,” said Colm Murphy, technical director at European forensics and eDiscovery service provider Espion, in a note to Infosecurity. “Without doubt, an ISO standard is the ultimate benchmark for validity of digital evidence.”
According to Enterprise Communications, the International Committee for Information Technology Standards Technical Committee will be in charge of US participation, together with the ISO/IEC JTC 1/SC 27 Working Group 4, which develops standards for services and security controls, who will manage the project.