Many areas of risk must be taken into account by business continuity planners.  One of the often overlooked risks is to realize the rising trend of eDiscovery activities in companies large and small.  With so many regulatory and compliance requirements in place and continuing to grow in number, many companies are struggling just to keep current with those demands let alone actually be able to claim full compliance with them.  And, when the need for producing records from an eDiscovery process and legal hold occur, all companies must be fully aware of the economic penalties (risks) that could be thrown upon the them if they cannot comply with those requirements on a timely basis.  Many small and mid-size businesses might risk being forced to close their doors if the economic penalities are too large.  As you would expect the drivers for the changes in recent eDiscovery strategies are economically driven. 

As a result, we believe that BC planning teams need to be aware of current strategies being presented for eDiscovery.   Recent events and developments indicate that many companies, who have delegated eDiscovery to outside legal firms, are now seriously considering moving eDiscovery away from those firms and creating an in-house capability to meet their eDiscovery requirements.  All of those decisions are made because they are seeking lower eDiscovery costs.

Certainly, compaies will need guidance on how and what to bring in-house, and how and what to outsource.   Most importantly, companies will use only those resources that grasp how to drive efficiencies through their eDiscovery processes.  And, while this dynamic creates opportunities, it also presents an uncertain world to vendors and law firms that don’t figure out how to adapt on a timely basis.

We recommend reading a recent posting by G. J. Britton on this subject for all members of BC planning teams having to wrestle with finding a solution for their company to this e-Discovery risk mitigation challenge.  READ THIS ARTICLE.

The Health Data Management publication group recently announced the final rule(s) governing the reporting of data breaches by vendors of personal health records (PHR’s) and online applications that interact with PHR’s.

Read this article for more information on this important privacy and information security topic.

The IT Service Management standard, ISO/IEC 20000-1:2005 is in the process of being updated.  Dr. Jenny Dugmore’s recent blog on the ITP Report  gives a first hand account of the progress being made.   

Dr. Dugmore makes reference to the results of a survey requested within the ITSM industry for input on changes and challenges to the current standard.  It is exciting to see that the input of the folks in the trenches can affect change.     It is also pleasing to see that integration of other ISO standards such as ISO/IEC 9001:2000 and ISO/IEC 27001-1:2005 are being seriously discussed and actions are being taken to find more common ground.  As Dr. Dugmore puts it   “We believe that knowing what the IT service management industry wants is hugely important.  When planning what we do to the current editions of ISO/IEC 20000 series we should have a clear view of what is needed (and wanted), not what we decide is a good idea.”