doc[Case Name or Investigation] [Company] IT ESI QUESTIONNAIRE Sample IT ESI Questionnaire
download 
Report Transcription
[Case Name or Investigation] [Company] IT ESI QUESTIONNAIRE Sample IT ESI Questionnaire
LITIGATION HOLD SUITE Sample IT ESI Questionnaire [Case Name or Investigation] [Company] IT ESI QUESTIONNAIRE Definitions I S E T I E L E P R I SAM TIONNA S E QU As used below: “Company” means [name of client corporation]. “Custodians” mean employees and contractors for Company who created, maintained and stored relevant information with regard to [case name or investigation]. Custodians include the following persons: [list]. “ESI” means electronically stored information, within the meaning of Federal Rule of Civil Procedure 26(b)(2)(B), that contains or potentially contains information relating to facts at issue in this litigation, defined for purposes of this Questionnaire as: [Specifics of the claim] “Relevant Period” means [beginning date] through [ending date]. Unless otherwise indicated, all questions below relate to Company’s ESI during the Relevant Period. PLEASE TURN OFF OR DISABLE ALL AUTO-DELETE FUNCTIONS SET ON ANY COMPANY COMPUTER SYSTEM AND SUSPEND ANY DATA OR DOCUMENT DESTRUCTION POLICIES WITH REGARD TO, OR THAT IMPACT, THE CUSTODIANS IN THIS CASE/INVESTIGATION. PLEASE REMOVE FROM NORMAL RECYCLING ALL BACKUP TAPES THAT ARE LIKELY TO CONTAIN ESI FROM THE RELEVANT PERIOD. COUNSEL WILL DIRECT YOU ON HOW TO MAINTAIN SUCH TAPES DURING THE PENDENCY OF THE CASE/INVESTIGATION. PLEASE FORWARD TO COUNSEL THE DOCUMENT RETENTION PLAN (DRP) ADOPTED BY THE COMPANY. PLEASE DESCRIBE THE DRP AND ITS ACTUAL IMPLEMENTATION ACROSS THE COMPANY. PLEASE DESCRIBE THE IMPACT OF THE DRP ON THE CUSTODIANS LISTED ABOVE. E-mail and Other Electronic Communications 1. List the e-mail servers and repositories in use by Company and provide hardware type, operating system name and version, e-mail (client and server-side) application name and version, number of users per server, and physical locations. 2. Provide Company e-mail database names and size (per server). 3. Describe how the e-mail servers were configured (including whether single store or multiple stores, tombstoning, and mailbox size limits). If there are multiple stores per server, explain how users were assigned to a store. Did the Company support spam filtering at a global level? 4. What purge or retention policies were in effect with respect to e-mail? 5. Can e-mail be saved by Custodians and users to a local shared file or local drive? Can users authorize delivery of their e-mail to another user (e.g., Microsoft Outlook delegate feature)? Do Custodians and users have the ability to make configuration changes? 6. Were attachments to e-mail messages stored on e-mail servers, e-mail repositories, network file servers or elsewhere? M E R R I L L C O R P O R A T I O N LITIGATION HOLD SUITE Sample IT ESI Questionnaire 7. Describe all redundant, backup and disaster recovery systems used for e-mail, including hardware type, application name and version, media used, and the schedules on which data was saved. Identify the physical location of such systems as well as any off-site storage locations, and rotation schedules for backup and disaster recovery media. If systems and procedures were not uniform, provide this information on a per-server and repository basis. 8. Do you have at least one complete, nonincremental backup of each of your e-mail servers and repositories for each month during the Relevant Period? If not, identify the months for which you do not have such a backup. For such months, do you have incremental or other backups from which a complete backup can be created? 9. Does each complete e-mail backup referenced in question 8 contain all e-mails sent or received since creation of the previous complete e-mail backup? Do the e-mail backups contain all messages in each employee’s “inbox,” “sent mail” and other (self-created) e-mail folders at the time such backup was created? I S E T I E L E P R I SAM TIONNA S E QU 10. Can e-mail folders related to specific employees be individually restored from backup? 11. Did Custodians and employees of Company have access to personal, Internet-based e-mail accounts (e.g., Yahoo or Gmail accounts), either from computers or mobile devices? To your knowledge, did Custodians and employees use such accounts? 12. Were any instant-messaging applications supplied by the Company? If so, were session transcripts logged and saved? If so, where and for how long? To your knowledge, did Custodians and employees use any instant-messaging applications not supplied by the Company? 13. How can a Custodian and employee remotely access their e-mail? 14. Did the Company use a Voice Over Internet Protocol (“VOIP”) or other integrated communications system? As a matter of Company policy or practice, were any voice mails normally preserved, whether for regulatory compliance purposes or other reasons? Were users able to save voice mails indefinitely? 15. Does the e-mail system synchronize with any employee or Custodian PDA, pager or mobile phone? Are these devices issued by the Company or purchased and owned by Custodians and employees? Can an employee receive e-mail on a personal device without IT knowledge? 16. Identify the individual currently employed by Company who is most knowledgeable about e-mail data storage, backup and retention at the Company during the Relevant Period. 17. Were any non-Company employees involved in management of the Company’s e-mail systems? If so, identify and briefly describe the role of each third party so involved. 18. During the Relevant Period, was the e-mail software or system upgraded? What migration protocol(s) was in place and implemented during the upgrade(s)? Network File System 19. List the network databases and file servers and any network storage devices in use by Company, and provide hardware type, operating system name and version, and physical locations. 20. What kinds of network locations existed (e.g., personal, departmental, project)? Did all users, by default, have a “home directory”? Did departments have shared network locations by default? 21. Were size limitations imposed on network locations? Was there a retention/deletion program? 22. Describe all redundant, backup, and disaster recovery systems used for network database and file servers and any network storage devices including hardware type, application name and version, media used, and the schedules on which data is saved. Identify the physical location of such systems, and rotation schedules for backup and disaster recovery media. If systems and procedures were not uniform, provide this information on a per-server basis. M E R R I L L C O R P O R A T I O N LITIGATION HOLD SUITE Sample IT ESI Questionnaire 23. Do you have at least one complete, nonincremental backup of each of your network database and file servers and any network storage devices for each month during the Relevant Period? If not, identify the months for which you do not have such a backup. For such months, do you have incremental or other backups from which a complete backup can be created? Is your backup system tiered? What are the tiers for the backup system? 24. Can specific files contained on network database and file-server backups be individually restored? 25. Describe any system used for document sharing (e.g., SharePoint Portal or iManage). 26. Identify the individual currently employed by Company who is most knowledgeable about network database and file-system data storage, backup and retention at Company during the Relevant Period. 27. Are any non-Company employees involved in management of the Company’s network file servers? If so, identify and briefly describe the role of each third party so involved. I S E T I E L E P R I SAM TIONNA S E QU Local Hard Drives 28. As a matter of Company policy or practice, were Custodians and employees’ desktop and laptop hard drives backed up? If so, describe the conditions or factors that resulted in the backup of employees’ desktop and laptop hard drives and state the normal retention period for such backups. 29. As a matter of Company policy or practice, were Custodians and employees permitted to save files, e-mails or other data to their desktop or laptop hard drives? 30. Was it technically possible for Custodians and employees to save files, e-mails or other data to their desktop or laptop hard drives? 31. Were any of the local hard drives replaced or upgraded during the Relevant Period? Was the information on these drives migrated and how? Other Computers 32. Did Company policy or practice permit, prohibit or otherwise control Custodian and employee use of computers not owned, operated or controlled by the Company to create, receive, store or send workrelated documents, files or communications? 33. Can Custodians and employees access e-mail Company networks, etc., via home computers? 34. Did Company policy or practice allow use of flash or thumb drives or other removable storage media? Is there a system to detect and record data copied to a flash or thumb drive? Did Company provide remote access to the Company network or e-mail? Were data transfers from/to non-Company computers possible via remote access? Other ESI 35. Identify any ESI created or modified during the Relevant Period that is not included in the categories listed above. Software 36. Identify the desktop applications that were in general use at the Company (including word processing, spreadsheet, presentation (e.g., Microsoft PowerPoint), document viewing (e.g., Adobe Acrobat), Internet browser and database (e.g., Microsoft Access) applications). Were any such applications replaced or upgraded during the Relevant Period? 37. Identify all applications used by the Company to perform the following functions: [examples could include financial accounting; financial forecasting or budgeting; voice mail, instant messaging and texting; Internet service provider; salesperson performance monitoring and management; sales pipeline monitoring and management; relational-management databases used, such as SQL, Oracle, SAP, etc., were any of these applications tailored to Company’s specific systems]. M E R R I L L C O R P O R A T I O N LITIGATION HOLD SUITE Sample IT ESI Questionnaire 38. Can Custodians and employees download software, either for personal or business use, onto Company computers and networks? General 39. What were the Company’s policy and practice regarding retention of e-mails, text messages, instant messages and other user data for Custodians and users who ceased to be employed by Company? 40. What were the Company’s policy and practice regarding retention of data on computer hard drives that were transferred between Custodians and employees, cleaned or removed from service? 41. Did the Company have documented policies and procedures regarding any of the topics addressed in questions 1 to 40 above? 42. Are computers shared between Custodians or employees? Are logins and passwords shared? Describe the security of the Company’s computer systems, including password protection and encryption. I S E T I E L E P R I SAM TIONNA S E QU 43. Describe any content-blocking systems put in place to manage or monitor Custodians’ and employees’ Internet usage. 44. Describe any “rogue” systems that employee and Custodians use in the day-to-day business at the Company. 45. Describe any “legacy” systems or software that the Custodians used in their day-to-day business. Describe how these systems or software were retired and what happened to the data stored on those systems. Litigation-Related 46. Does Company now have established procedures for retaining documents in the event of litigation? Were such procedures fully adhered to in connection with this litigation? 47. Does the Company employ any Early Case Assessment tools to preserve, collect and cull data that is relevant to this matter? Please describe the tool and identify the person(s) who operate or manage this tool. 48. Describe the scope of the litigation hold maintained by Company with respect to this litigation. Describe the procedures implemented by Company for maintaining such litigation hold. 49. Provide an Information or Data Map that shows the entire network and computer architecture for the company and how employees, and more importantly Custodians, access the network and computer architecture of the Company. 50. Identify any ESI that has been destroyed since [triggering event which prompted the Litigation Hold Notice]. With respect to such ESI, indicate whether such ESI was within the intended scope of the litigation hold described above. 51. Have there been any actual or anticipated litigations, arbitrations or government inquiries or investigations since the beginning of the Relevant Period that have resulted in the production of ESI, or the compilation of ESI in anticipation of production? ESI Deemed “Not Reasonably Accessible” 52. Identify any ESI in the possession, custody or control of the Company that it deems “not reasonably accessible” for purposes of this litigation. Yours truly, [Counsel name and contact information] Cc: General Counsel HR Representative One Merrill Circle | St. Paul, MN 55108 | 800.688.4400 | [email protected] | www.merrillcorp.com/tools2use M E R R I L L © Merrill Communications LLC. All rights reserved. MLS0595_1 C O R P O R A T I O N
