Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
ISO/IEC 27050-3:2020 — Electronic Discovery — Part 3: Code of Practice
Operational Best Practices and Code of Practice for Electronic Discovery
ISO/IEC 27050-3:2020 represents the operational heart of the ISO/IEC 27050 series, providing a comprehensive code of practice for the day-to-day activities involved in electronic discovery. Where Part 1 provides concepts and Part 2 addresses governance, Part 3 delivers practical, actionable guidance for conducting eDiscovery operations in a defensible and efficient manner.
The code of practice in ISO/IEC 27050-3 translates high-level governance principles into specific operational procedures that can be implemented directly in eDiscovery workflows and technology platforms.
1. Operational Framework for eDiscovery
The standard establishes an operational framework organized around the key phases of the eDiscovery lifecycle. For each phase, ISO/IEC 27050-3 provides detailed guidance on: objectives and expected outcomes; roles and responsibilities; procedural requirements; quality control measures; documentation standards; and common risks and mitigation strategies.
The operational framework emphasizes the principle of proportionality — the scope and depth of eDiscovery activities should be proportionate to the nature, complexity, and stakes of the matter. This principle guides decisions about what ESI to search, how thoroughly to review, and what level of quality control is appropriate. Proportionality is not an excuse for inadequate discovery but rather a framework for making defensible resource allocation decisions.
| Phase | Operational Objectives | Quality Controls | Documentation Requirements | |
|---|---|---|---|---|
| Identification | Locate all potentially relevant ESI sources | Data map verification, custodian interviews, source validation | Identification report, source register, search terms and queries | |
| Preservation | Protect ESI from alteration or deletion | Legal hold audit, preservation verification, chain of custody | Legal hold records, preservation logs, custodian acknowledgments | |
| Collection | Gather ESI in a forensically sound manner | Collection validation, hash verification, media integrity checks | Collection reports, hash values, chain of custody forms | |
| Processing | Prepare ESI for efficient review | Deduplication verification, OCR accuracy checks, metadata validation | Processing logs, exception reports, quality control checklists | |
| Review | Assess documents for relevance and privilege | Review consistency checks, quality sampling, privilege logging | Review databases, privilege logs, production specifications | |
| Production | Deliver ESI in required format | Production verification, load file validation, sample inspection | Production records, cover letters, load files |
One of the most significant operational risks in eDiscovery is inconsistency in review decisions. When different reviewers apply different standards for relevance or privilege, the resulting production may be incomplete or overbroad. ISO/IEC 27050-3 recommends structured review protocols, regular quality sampling, and Technology-Assisted Review (TAR) to improve consistency.
2. Technology-Assisted Review and Advanced Analytics
ISO/IEC 27050-3 addresses the growing role of technology in eDiscovery, particularly Technology-Assisted Review (TAR), also known as predictive coding or computer-assisted review. The standard provides guidance on when and how to use TAR, including validation methodologies, transparency requirements, and documentation standards.
The standard recognizes that TAR, when properly implemented, can significantly improve both the efficiency and quality of eDiscovery review. TAR uses machine learning algorithms to identify relevant documents based on reviewer coding decisions, allowing reviewers to focus on the most promising documents while automatically excluding clearly irrelevant material. However, the standard also emphasizes that TAR is not a magic solution — it requires careful implementation, ongoing validation, and transparent reporting to be defensible.
When implemented correctly, Technology-Assisted Review can reduce review costs by 50-80% while maintaining or improving review quality. ISO/IEC 27050-3 provides the framework for achieving these benefits in a defensible manner.
Defensible Use of TAR
To use TAR defensibly, organizations should: (1) Document the methodology, including the seed set creation process, the machine learning algorithm used, and the validation approach; (2) Conduct appropriate quality control testing, including recall and precision measurements; (3) Maintain transparency about the TAR process with opposing counsel and the court; (4) Preserve the ability to demonstrate that the TAR process produced a complete and accurate result; and (5) Retain all TAR-related documentation for potential discovery in subsequent proceedings.
3. Engineering Design for eDiscovery Operations
From an engineering perspective, ISO/IEC 27050-3 has direct implications for the design and configuration of eDiscovery technology platforms. The operational requirements defined in the code of practice should be mapped to specific technical capabilities within the eDiscovery infrastructure.
Key platform requirements include: (1) Support for native file format processing and rendering, ensuring that ESI can be reviewed in its original context; (2) Comprehensive metadata extraction and preservation, including system metadata, file system metadata, and embedded metadata; (3) Advanced search capabilities including Boolean, proximity, concept, and phonetic search; (4) TAR and analytics capabilities that are transparent, auditable, and validated; (5) Robust privilege logging and redaction capabilities; (6) Flexible production capabilities supporting multiple output formats (TIFF, native, PDF) with load files; and (7) Comprehensive audit logging at every stage of the process.
Engineering teams should also consider scalability and performance requirements. As data volumes continue to grow, eDiscovery platforms must be able to process terabytes of data within increasingly tight deadlines. This requires distributed processing architectures, optimized data storage, and efficient review interfaces.
When designing or selecting an eDiscovery platform, prioritize platforms that provide end-to-end audit capabilities. The ability to demonstrate exactly what happened to every piece of ESI throughout the entire discovery lifecycle is essential for defensibility. Look for platforms that automatically capture audit information rather than requiring manual logging.
4. Frequently Asked Questions
Q: What is a code of practice and why is it important for eDiscovery?
A code of practice provides detailed operational guidance for implementing the principles and policies established in the other parts of the standard. It translates high-level requirements into specific, actionable procedures that can be followed by practitioners in their day-to-day work.
A code of practice provides detailed operational guidance for implementing the principles and policies established in the other parts of the standard. It translates high-level requirements into specific, actionable procedures that can be followed by practitioners in their day-to-day work.
Q: How does proportionality apply to eDiscovery operations?
Proportionality means that the scope and cost of eDiscovery activities should be reasonable in relation to the nature and stakes of the matter. It guides decisions about which ESI sources to search, how thoroughly to review, and what quality controls to apply. Proportionality decisions should be documented and defensible.
Proportionality means that the scope and cost of eDiscovery activities should be reasonable in relation to the nature and stakes of the matter. It guides decisions about which ESI sources to search, how thoroughly to review, and what quality controls to apply. Proportionality decisions should be documented and defensible.
Q: What is Technology-Assisted Review (TAR) and when should it be used?
TAR uses machine learning to identify relevant documents based on reviewer coding decisions. It is particularly valuable in large-volume cases where manual review of all documents would be cost-prohibitive. TAR should be used when its application is transparent, validated, and appropriately documented.
TAR uses machine learning to identify relevant documents based on reviewer coding decisions. It is particularly valuable in large-volume cases where manual review of all documents would be cost-prohibitive. TAR should be used when its application is transparent, validated, and appropriately documented.
Q: How should organizations handle the eDiscovery of ephemeral messaging data?
Ephemeral messaging presents unique challenges because data may be automatically deleted after a short period. Organizations should implement preservation mechanisms that capture ephemeral messaging data before automatic deletion occurs. This may involve configuring retention settings within messaging platforms, using third-party archiving tools, or implementing collection protocols that capture data in near real-time.
Ephemeral messaging presents unique challenges because data may be automatically deleted after a short period. Organizations should implement preservation mechanisms that capture ephemeral messaging data before automatic deletion occurs. This may involve configuring retention settings within messaging platforms, using third-party archiving tools, or implementing collection protocols that capture data in near real-time.
