266 Chapter Seven Security and Compliance

The Six Sigma methodology also has roles and certifications that go by names such as Green Belt, Black Belt, Master Black Belt, and Champion.

7.10 It's Not Just Regulatory Compliance

While this chapter provides a taste of the world of IT compliance, as required by various pieces of legislation, there are other "compliance" activities outside of enacted statutes.

Electronic Discovery

Frequently, IT departments are involved in many of the lawsuits that are brought against an organization. It's becoming more and more common for lawsuits to require a search for e-mail, documents, and system logs. Examples include:

- Class action lawsuits against a company (perhaps by investors or customers)
- Disgruntled employees (often claiming wrongful termination) may bring action against an organization
- Allegations by current employees of discrimination or harassment
- Invasion of privacy concerns (e.g., one employee claiming that another has had unauthorized access to the first employee's documents and e-mails)
- Lawsuits brought by partners, suppliers, customers, vendors, etc.

IT has found itself working with increasing frequency with the company's Legal department to provide information about IT operations (e.g., e-mail archiving policy, availability of backup tapes, response to subpoenas). As such, it's becoming increasingly common for IT to review policies and procedures with in-house lawyers before considering them "approved."

Working with Auditors

It's usually not sufficient for IT to simply establish their own procedures to meet regulatory compliance. Very often, they need to "prove" their compliance to external auditors as well as internal auditors. The discussion earlier in the chapter about maintaining evidence (section entitled Hidden Benefits of Maintaining Evidence [on page 261]) goes a long way to help you prove that you're doing what you're claiming.
While these audits can take a toll on IT resources, they do serve to help ensure that defined procedures are followed. Also, if something is overlooked, it's better to find it during an audit than as a result of an interruption of service or loss of data.