Re: Legal Hold

[Keith Hartranft <kkh288 () LEHIGH EDU>]

Hi all,

We have put together a set of process steps in a policy that is still being
vetted but it is driven by Legal Counsel with IT and others who are to take
"their steps" in these actions.

We are in the process of checking out Zapproved to process this type of
thing and thought others might be interested as well.

http://www.zapproved.com/e-discovery-software/?mkt_tok=3RkMMJWWfF9wsRons6nNce%2FhmjTEU5z16usqWKa2iokz2EFye%2BLIHETpodcMTcJmM7DYDBceEJhqyQJxPr3ALNMNz9J3RhXqDg%3D%3D

Thanks,

Keith

On Mon, Aug 31, 2015 at 1:34 PM, Nathan Zierfuss-Hubbard <
nathan.zierfuss () alaska edu> wrote:

> Most cloud services have data export tools available to the user and SaaS
> application admins. These features can use to extract point in time copies
> of data for holds. Developing a procedure for generating hashes of data to
> be stored with it is important as well as logging data capture sessions for
> review if you really think the data might end up in court.
>
> Some services offer archive retention and vaulting like Google but it can
> be an additional cost item.
>
> Nathan
>
> Nathan Zierfuss-Hubbard, CISSP
> Chief Information Security Officer
> -
> Technology Oversight Services, University of Alaska
> 910 Yukon Dr. Suite 105, PO Box 755320
> Fairbanks, Alaska 99775-5320
> -
> Phone: 907-450-8112  Fax: 907-450-8381
>
> On Mon, Aug 31, 2015 at 9:10 AM, Maria Peluso <mpb () umn edu> wrote:
>
> > We just recently created a secure solution with Google Vault for large
> > storage.  Previously we had an app that took an elaborate amount of time.
> >
> > Not vouching yet.  Just in trial run!  But that's what we're trying.
> >
> > Maria
> >
> >
> > On Mon, Aug 31, 2015 at 10:09 AM, Frazier, William S [ITSYS] <
> > frazier () iastate edu> wrote:
> >
> > > I am interested in how institutions handle the mechanics of legal hold
> > > requests.  In environments that include cloud based providers (e.g., GMAIL,
> > > Office 365, Box, …) as well as assorted local storage solutions, how do you
> > > process the collection and preservation of information?  Are there service
> > > providers to which these tasks are handed?  Do you do the work in-house?
> > > Are there cloud based solutions for the reliable and timely collection and
> > > storage of the data to be preserved or is it more effective to use local
> > > stores?
> > >
> > > We are in the process of reviewing our procedures.  There are all sorts
> > > of documents claiming to be “best practice”.  I’d like to know something
> > > about actual mechanics.
> > >
> > > Thanks,
> > > Bill
> > > ----------------------------------------------
> > > William Frazier
> > > Iowa State University
> > > frazier () iastate edu
> >
> >
> > --
> > ______________________________________
> >
> > Maria Peluso
> > University of Minnesota Information Security
> > ______________________________________
> > 612-626-9310                        mpb () umn edu


-- 

*Keith K Hartranft, CISSP, PCI-DSS ISA & PCIP*
*Chief Information Security Officer*

*Lehigh University610-758-3994*