[Case Name or Investigation] [Company] IT ESI QUESTIONNAIRE Sample IT ESI Questionnaire

Transcription

[Case Name or Investigation] [Company] IT ESI QUESTIONNAIRE Sample IT ESI Questionnaire
LITIGATION HOLD SUITE Sample IT ESI Questionnaire
[Case Name or Investigation]
[Company] IT ESI QUESTIONNAIRE
Definitions
I
S
E
T
I
E
L
E
P
R
I
SAM TIONNA
S
E
QU
As used below:
“Company” means [name of client corporation].
“Custodians” mean employees and contractors for Company who created, maintained and stored relevant
information with regard to [case name or investigation]. Custodians include the following persons: [list].
“ESI” means electronically stored information, within the meaning of Federal Rule of Civil Procedure 26(b)(2)(B),
that contains or potentially contains information relating to facts at issue in this litigation, defined for purposes
of this Questionnaire as: [Specifics of the claim]
“Relevant Period” means [beginning date] through [ending date].
Unless otherwise indicated, all questions below relate to Company’s ESI during the Relevant Period.
PLEASE TURN OFF OR DISABLE ALL AUTO-DELETE FUNCTIONS SET ON ANY COMPANY COMPUTER
SYSTEM AND SUSPEND ANY DATA OR DOCUMENT DESTRUCTION POLICIES WITH REGARD TO, OR
THAT IMPACT, THE CUSTODIANS IN THIS CASE/INVESTIGATION.
PLEASE REMOVE FROM NORMAL RECYCLING ALL BACKUP TAPES THAT ARE LIKELY TO CONTAIN ESI
FROM THE RELEVANT PERIOD. COUNSEL WILL DIRECT YOU ON HOW TO MAINTAIN SUCH TAPES
DURING THE PENDENCY OF THE CASE/INVESTIGATION.
PLEASE FORWARD TO COUNSEL THE DOCUMENT RETENTION PLAN (DRP) ADOPTED BY THE COMPANY.
PLEASE DESCRIBE THE DRP AND ITS ACTUAL IMPLEMENTATION ACROSS THE COMPANY. PLEASE
DESCRIBE THE IMPACT OF THE DRP ON THE CUSTODIANS LISTED ABOVE.
E-mail and Other Electronic Communications
1. List the e-mail servers and repositories in use by Company and provide hardware type, operating system
name and version, e-mail (client and server-side) application name and version, number of users per
server, and physical locations.
2. Provide Company e-mail database names and size (per server).
3. Describe how the e-mail servers were configured (including whether single store or multiple stores,
tombstoning, and mailbox size limits). If there are multiple stores per server, explain how users were
assigned to a store. Did the Company support spam filtering at a global level?
4. What purge or retention policies were in effect with respect to e-mail?
5. Can e-mail be saved by Custodians and users to a local shared file or local drive? Can users authorize
delivery of their e-mail to another user (e.g., Microsoft Outlook delegate feature)? Do Custodians and users
have the ability to make configuration changes?
6. Were attachments to e-mail messages stored on e-mail servers, e-mail repositories, network file servers or
elsewhere?
M E R R I L L
C O R P O R A T I O N
LITIGATION HOLD SUITE Sample IT ESI Questionnaire
7. Describe all redundant, backup and disaster recovery systems used for e-mail, including hardware
type, application name and version, media used, and the schedules on which data was saved. Identify
the physical location of such systems as well as any off-site storage locations, and rotation schedules for
backup and disaster recovery media. If systems and procedures were not uniform, provide this information
on a per-server and repository basis.
8. Do you have at least one complete, nonincremental backup of each of your e-mail servers and repositories
for each month during the Relevant Period? If not, identify the months for which you do not have such a
backup. For such months, do you have incremental or other backups from which a complete backup can
be created?
9. Does each complete e-mail backup referenced in question 8 contain all e-mails sent or received since
creation of the previous complete e-mail backup? Do the e-mail backups contain all messages in each
employee’s “inbox,” “sent mail” and other (self-created) e-mail folders at the time such backup was
created?
I
S
E
T
I
E
L
E
P
R
I
SAM TIONNA
S
E
QU
10. Can e-mail folders related to specific employees be individually restored from backup?
11. Did Custodians and employees of Company have access to personal, Internet-based e-mail accounts (e.g.,
Yahoo or Gmail accounts), either from computers or mobile devices? To your knowledge, did Custodians
and employees use such accounts?
12. Were any instant-messaging applications supplied by the Company? If so, were session transcripts logged
and saved? If so, where and for how long? To your knowledge, did Custodians and employees use any
instant-messaging applications not supplied by the Company?
13. How can a Custodian and employee remotely access their e-mail?
14. Did the Company use a Voice Over Internet Protocol (“VOIP”) or other integrated communications
system? As a matter of Company policy or practice, were any voice mails normally preserved, whether for
regulatory compliance purposes or other reasons? Were users able to save voice mails indefinitely?
15. Does the e-mail system synchronize with any employee or Custodian PDA, pager or mobile phone? Are
these devices issued by the Company or purchased and owned by Custodians and employees? Can an
employee receive e-mail on a personal device without IT knowledge?
16. Identify the individual currently employed by Company who is most knowledgeable about e-mail data
storage, backup and retention at the Company during the Relevant Period.
17. Were any non-Company employees involved in management of the Company’s e-mail systems? If so,
identify and briefly describe the role of each third party so involved.
18. During the Relevant Period, was the e-mail software or system upgraded? What migration protocol(s) was
in place and implemented during the upgrade(s)?
Network File System
19. List the network databases and file servers and any network storage devices in use by Company, and
provide hardware type, operating system name and version, and physical locations.
20. What kinds of network locations existed (e.g., personal, departmental, project)? Did all users, by default,
have a “home directory”? Did departments have shared network locations by default?
21. Were size limitations imposed on network locations? Was there a retention/deletion program?
22. Describe all redundant, backup, and disaster recovery systems used for network database and file servers
and any network storage devices including hardware type, application name and version, media used, and
the schedules on which data is saved. Identify the physical location of such systems, and rotation
schedules for backup and disaster recovery media. If systems and procedures were not uniform, provide
this information on a per-server basis.
M E R R I L L
C O R P O R A T I O N
LITIGATION HOLD SUITE Sample IT ESI Questionnaire
23. Do you have at least one complete, nonincremental backup of each of your network database and file
servers and any network storage devices for each month during the Relevant Period? If not, identify the
months for which you do not have such a backup. For such months, do you have incremental or other
backups from which a complete backup can be created? Is your backup system tiered? What are the tiers
for the backup system?
24. Can specific files contained on network database and file-server backups be individually restored?
25. Describe any system used for document sharing (e.g., SharePoint Portal or iManage).
26. Identify the individual currently employed by Company who is most knowledgeable about network
database and file-system data storage, backup and retention at Company during the Relevant Period.
27. Are any non-Company employees involved in management of the Company’s network file servers? If so,
identify and briefly describe the role of each third party so involved.
I
S
E
T
I
E
L
E
P
R
I
SAM TIONNA
S
E
QU
Local Hard Drives
28. As a matter of Company policy or practice, were Custodians and employees’ desktop and laptop hard
drives backed up? If so, describe the conditions or factors that resulted in the backup of employees’
desktop and laptop hard drives and state the normal retention period for such backups.
29. As a matter of Company policy or practice, were Custodians and employees permitted to save files, e-mails
or other data to their desktop or laptop hard drives?
30. Was it technically possible for Custodians and employees to save files, e-mails or other data to their
desktop or laptop hard drives?
31. Were any of the local hard drives replaced or upgraded during the Relevant Period? Was the information
on these drives migrated and how?
Other Computers
32. Did Company policy or practice permit, prohibit or otherwise control Custodian and employee use of
computers not owned, operated or controlled by the Company to create, receive, store or send workrelated documents, files or communications?
33. Can Custodians and employees access e-mail Company networks, etc., via home computers?
34. Did Company policy or practice allow use of flash or thumb drives or other removable storage media? Is
there a system to detect and record data copied to a flash or thumb drive? Did Company provide remote
access to the Company network or e-mail? Were data transfers from/to non-Company computers possible
via remote access?
Other ESI
35. Identify any ESI created or modified during the Relevant Period that is not included in the categories
listed above.
Software
36. Identify the desktop applications that were in general use at the Company (including word processing,
spreadsheet, presentation (e.g., Microsoft PowerPoint), document viewing (e.g., Adobe Acrobat), Internet
browser and database (e.g., Microsoft Access) applications). Were any such applications replaced or
upgraded during the Relevant Period?
37. Identify all applications used by the Company to perform the following functions: [examples could
include financial accounting; financial forecasting or budgeting; voice mail, instant messaging and
texting; Internet service provider; salesperson performance monitoring and management; sales pipeline
monitoring and management; relational-management databases used, such as SQL, Oracle, SAP, etc., were
any of these applications tailored to Company’s specific systems].
M E R R I L L
C O R P O R A T I O N
LITIGATION HOLD SUITE Sample IT ESI Questionnaire
38. Can Custodians and employees download software, either for personal or business use, onto
Company computers and networks?
General
39. What were the Company’s policy and practice regarding retention of e-mails, text messages, instant
messages and other user data for Custodians and users who ceased to be employed by Company?
40. What were the Company’s policy and practice regarding retention of data on computer hard drives that
were transferred between Custodians and employees, cleaned or removed from service?
41. Did the Company have documented policies and procedures regarding any of the topics addressed in
questions 1 to 40 above?
42. Are computers shared between Custodians or employees? Are logins and passwords shared? Describe the
security of the Company’s computer systems, including password protection and encryption.
I
S
E
T
I
E
L
E
P
R
I
SAM TIONNA
S
E
QU
43. Describe any content-blocking systems put in place to manage or monitor Custodians’ and employees’
Internet usage.
44. Describe any “rogue” systems that employee and Custodians use in the day-to-day business at the Company.
45. Describe any “legacy” systems or software that the Custodians used in their day-to-day business. Describe
how these systems or software were retired and what happened to the data stored on those systems.
Litigation-Related
46. Does Company now have established procedures for retaining documents in the event of litigation? Were
such procedures fully adhered to in connection with this litigation?
47. Does the Company employ any Early Case Assessment tools to preserve, collect and cull data that is
relevant to this matter? Please describe the tool and identify the person(s) who operate or manage this tool.
48. Describe the scope of the litigation hold maintained by Company with respect to this litigation. Describe
the procedures implemented by Company for maintaining such litigation hold.
49. Provide an Information or Data Map that shows the entire network and computer architecture for the
company and how employees, and more importantly Custodians, access the network and computer
architecture of the Company.
50. Identify any ESI that has been destroyed since [triggering event which prompted the Litigation Hold
Notice]. With respect to such ESI, indicate whether such ESI was within the intended scope of the
litigation hold described above.
51. Have there been any actual or anticipated litigations, arbitrations or government inquiries or
investigations since the beginning of the Relevant Period that have resulted in the production of ESI, or
the compilation of ESI in anticipation of production?
ESI Deemed “Not Reasonably Accessible”
52. Identify any ESI in the possession, custody or control of the Company that it deems “not reasonably
accessible” for purposes of this litigation.
Yours truly,
[Counsel name and contact information]
Cc: General Counsel
HR Representative
One Merrill Circle | St. Paul, MN 55108 | 800.688.4400 | tools2use@merrillcorp.com | www.merrillcorp.com/tools2use
M E R R I L L
© Merrill Communications LLC. All rights reserved. MLS0595_1
C O R P O R A T I O N