Asking the Right Questions: The Evaluation of Ediscovery Vendors [Part I]
Law firms and corporate legal operations departments frequently leverage ediscovery technology to effectively and efficiently respond to litigation, investigations, due diligence, or regulatory requests. With the big data boom, a rush of ediscovery software solutions has flooded the market to address the need for handling enormous volumes of electronically stored information (ESI).
Not only has the number of ediscovery vendors grown significantly but so has the list of capabilities provided by each vendor. And while tempting to assume that the software with the most features will be the best solution, ediscovery is much more complex than a features numbers game. Simply adding more features into a product does not mean users will be able to get the most of it, nor does it mean that it will lead to more efficient reviews. In many cases, added complexity can lead to more inefficient outcomes.
Given the plethora of ediscovery vendors on the market, organizations are now experimenting more than ever, test driving new technologies in the hopes of finding a solution that will address their needs today and, perhaps, well into the future. As ediscovery technology continues to evolve to meet the changing needs of the market — whether that be migrating to the cloud or supporting the growing array of data sources —buyers of the technology now often find themselves at a disadvantage, trying to evaluate a wide selection of vendors, navigate an ever-growing list of capabilities, and understand how to apply them to different use cases.
Asking the Right Questions When Evaluating Ediscovery Vendors
Unfortunately, some organizations treat the selection of an ediscovery solution as a transaction: a means to an end. But since ediscovery is becoming such an increasingly critical component of business operations, selecting a solution should be viewed less as a one-time transaction and more like entering a long-term relationship with a trusted business partner. And to maximize the return on investment in that partnership, it’s critical to ensure not only that the technology checks all of the boxes but that the technology vendor does too.
Before committing to an ediscovery partnership, it’s incredibly important that legal professionals ask the right questions to ensure that their needs will be met.
Is Security the Top Priority?
In ediscovery, security is a serious concern, particularly since legal cases involve sensitive information that various third parties must review. Organizations and their customers must be confident that robust security measures are in place to ensure appropriate access to data.
Lack of proper security measures and certifications exposes client data to security vulnerabilities such as hacking or breaches of highly valuable information. The 2020 Cost of a Data Breach Report reports the global average cost of a data breach is $3.86 million. It should be obvious that all ediscovery providers should have a security-first mentality and take a proactive approach to security.
Security is more than just a checkbox and having a security-first mentality goes well beyond just using a secure cloud infrastructure provider. It means baking security into the DNA of the organization. The scope should span the entire security posture of the ediscovery vendor, including everything from managing the physical access of their building to employee training to technical safeguards, like intrusion detection and penetration testing.
When evaluating vendors, asking questions about their broader philosophy and overall approach with respect to security will help assess whether or not they take security as importantly as you do. But the closest thing to “proof” that a vendor can produce is third-party validation of their approach. An ediscovery solution should have its own security certifications rather than simply pointing to those of its vendors. Appropriate examples of credentials may include SOC 2 Type II, HIPAA, GDPR, or FedRAMP.
To unearth how deeply ingrained security is into the vendor’s DNA, here are some additional questions to ask when assessing the security posture of a vendor:
Do they have a security and compliance program that includes written policies, procedures, regular training, and an employee code of conduct prioritizing security?
Does accountability for the security and compliance program rest with a senior leader?
How does the organization perform risk assessments, security monitoring, and third-party audits? What technical and organizational measures are in place (e.g., vulnerability scanning, penetration testing, encryption of data, cloud security controls, data inventories, and mapping)?
WPIs the Organization Transparent?
With ediscovery accounting for up to 70% of litigation fees, transparency in pricing is of paramount importance in any ediscovery solution. Unfortunately, thanks to a few bad actors, the pricing murkiness in the ediscovery industry makes it really difficult to compare the costs of any given set of ediscovery solutions across different providers, platforms, and services.
Hidden lines in contracts, masking additional fees, can lead to dramatic, unexpected costs. One ediscovery solution provider may charge extra for time-saving analytics features, like predictive coding or email threading. Another vendor may charge for additional user licenses. Another may provide you with hard-to-use software, then charge additional fees in the guise of project management services. It is also quite common to see a vendor charge for processing fees, including OCRing per page, imaging per page, or endorsing production images per page.
A transparent ediscovery vendor should commit to an avoidance of mysterious calculations at invoice time. Redoing client and vendor bills as you scale a case up or down is a poor experience. Not only is it difficult to guess how many reviewers or how much training you might need, but it also makes it difficult to budget for projects. Vendor pricing should be easy both to understand and predict. It should be free of setup fees, processing fees, user fees, training fees, technical support fees, exporting fees, predictive coding fees, production fees, foreign language translation fees, printing fees, and so on.
Some additional questions to guide your assessment of a vendor’s level of transparency include:
Will I get charged every time I contact the support organization? What about training?
Do salespeople understand all the complexities of the product and provide straightforward, honest assessments of the capabilities?
Are you interested in learning more about tips for evaluating ediscovery vendors? Stay tuned for Part II of this blog series (coming soon) or check out our ebook, “A Critical Evaluation of Ediscovery Vendors.”