Data Subject Access Request – An effective approach by CyberSonix
December 4, 2020
11:45 pm
Share on facebook Share on linkedin Introducing Data Subject Access Requests In a year of pushing the definition of agile to
Jon Crowther
Founder and Managing Director of CyberSonix
- June 2, 2020
- 8:16 pm
eDiscovery Tool evaluation – Case Study
Share on facebook
Share on linkedin
Background
“Discovery” Technology Tools exists that can index an organisations unstructured user data. This is typically emails, office files saved in a user drive or shared area. The tool can then be used to search, filter, review, redact documents.
Two providers of this type of technology had been identified for this client and evaluated in a Proof of Concept.
The Proof of Concept used a sample set of user data (Home Drives, Shared Drive, Email). My engagement was to act as a Technical Project Manager . To lead the proof of concept project through the organisations Project Delivery gateway and to act as a hands-on Technical Consultant.
Approach
After familiarising myself with the existing documentation, I reached out to key stakeholders in the following teams: –
• Records Management
• Infrastructure Architecture
• Data
• Technical Operations
• Networks
• Information governance
• Legal
• Testing and Assurance
• Proof of Concept Vendors
Based on these face to face meetings and discussions, I put together a High-Level Design Document. This was presented and approved by the Digital Approval Board. The key actions from there were to build two proof of concept servers, one for each tool. This needed some planned and scheduled time with the Tech Ops team.
Following this, I scheduled some remote knowledge sessions with the two vendors and ensured any mutual non-disclosure agreements were in place with them. This was done by reviewing the agreements with in-house Legal and Information Governance team. Once all this was in place, a strategy was developed with Technical Operations , to identify appropriate network locations that would adequately test both tools. This would ensure true value of the Proof of Concept and the result could be matched against the documented requirements.
After further conversations with Records Management and Technical Operations, it was agreed that the scope of test data would focus on the following: –
• Light Index of one department Share
• Two targeted and current Data Subject Access Requests
Once the proof of concept was completed , I prepared product summaries and a conclusion. The conclusion was reached measuring both tool’s ability to perform each of the following tasks :-
The client have now selected a tool are ready to move forward . They have engaged CyberSonix to assist with the following aspect of the project.
- Cloud storage considerations
- Standard Operating Procedure
- Redundant, Outdated, Trivial data (ROT)
- Role Based Access Controls (RBAC)
- Segregation of duties
- Testing and assurance
- Training and Documentation
More to explorer
Forensic Data Collection – a case study
May 25, 2020
8:34 pm
Share on facebook Share on linkedin Learn more about my personal experience collecting data from six custodians from a multiple number of
