Rolling Meadows, IL, USA (10 March 2011)—Electronic discovery is a growing field in which enterprises use technology to help reduce the risk related to litigation. To help enterprises effectively search, classify, preserve and present information that is stored electronically, ISACA has issued a complimentary new white paper, Electronic Discovery. It provides steps to identify and mitigate the risks related to potential litigation, and helps organizations establish a formal e-discovery program.

ISACA, a global association of 95,000 IT professionals, recommends the following steps to develop a successful e-discovery program:

·         Assess regulatory requirements specific to the organization.

·         Ensure the proper mix of policy, process and technology to reduce reliance on any specific individual and maintain consistency.

·         Apply a consistent approach to e-discovery, giving the organization time to evaluate and validate the information.

·         Establish information security controls—in line with the organization’s security policies—to protect information extracted.

·         Conduct employee training and awareness.

“An added bonus of creating an e-discovery program is that it not only reduces risk related to litigation, but also can improve an organization’s compliance posture,” said Kamal Dave, CISA, CISM, CGEIT, chief architect at Hewlett-Packard who co-authored Electronic Discovery with Scott Shinners, CISA, CPA, and John Vyhlidal, CISA, both of ConAgra Foods Inc. “It can also help control costs by eliminating a ‘keep everything’ mentality that exists when an organization is unclear about the type of information to retain and how long to store it.”

E-discovery programs can help minimize the following top risks and security concerns, according to ISACA:

·         Intentionally removing records

·         Intentionally adulterating records

·         Inability to recover records

·         Providing unnecessary or incorrect records

The white paper lists a seven-step process to identify and mitigate an organization’s e-discovery risks and outlines the COBIT processes that organizations can implement to maximize the value of e-discovery programs. Electronic Discovery is available as a free download at www.isaca.org/e-discovery.

About ISACA

With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter:  http://twitter.com/ISACANews

Media Contacts:

Neil Stinchcombe, Eskenzi PR,