This service reviews various aspects of an organization’s computing environment and delivers both a data retention policy and a technology framework by which the policy is enforced. Business organizations are now faced with a bewildering array of options for dealing with both the legal and technical issues presented. Many proposed technology centric solutions target well defined pain points while ignoring important legal governance issues. Other solutions focus on policy and disregard the technical implications. Our proposed solution is comprehensive and addresses both governance and the technical framework required for implementation.
Developing a data retention policy is a necessity for all mid to large organizations in order to manage information assets in a rationalized manner suitable for meeting the operational requirements of electronically stored information (ESI) and to meet the challenges of complex litigation. This service provides a comprehensive review of existing organizational practices, what we call the “As Is” state, and then derives a policy that governs the “To Be” state. The policy controls the end of life requirements of all record types (e.g. contracts, accounting, tax, legal, etc). The end of life for a given record type is controlled both by legal authority, which we provide, and by the business and technology requirements of the organization.
However, as described below, the deliverable of this engagement encompasses significantly more than the drafting of a policy. It also provides a technological framework by which said policy can be enforced. Without such a framework it is unlikely that the “good faith” requirements inherent in the recent changes to the Federal Rules of Civil Procedure (FRCP) can be met. Indeed, a policy without an enforcement mechanism will be of little use with respect to adequately managing the business problem created by the explosive growth of ESI—a business problem that includes litigation readiness, but extends far beyond it.
In short, a rationalized approach to data retention requires an interdisciplinary approach that lies at the intersection of business, law and technology. We have the expertise required to guide an organization to the desired “To Be” state using a collaborative project based approach.
The cost will vary depending on the complexity of the organization and the number of record types. There are record types that are horizontal to the organization (e.g. email) and those that are vertical (e.g. contained within a functional business organization). A cost range is presented after gathering initial requirements and the development of a formal proposal.
As stated above, there are two principal deliverables of this engagement, with a number of interim deliverables (e.g. documentation of the “As Is” state) that mark project milestones. The two principal deliverables are:
What is not covered in the engagement is any effort required to deliver the actual “roll out” of the enforcement mechanism. It is anticipated that the actual roll out will occur over a period of time with horizontal record types comprising the first order of priority. We are available for consultation during the roll out but such effort is not within the scope of this engagement.