Selecting an eDiscovery vendor is always a hot topic among litigation support professionals. There can be a lot at stake—including the amount of stress you face later on. Before you commit, make sure you’ve asked the vendor these 3 important questions.
1. How do you staff and manage the project to ensure my needs are met for the contracted eDiscovery services?
In other words, tell me what I’m really going to mean to you and how you’re going to be there for me, day in, day out. One of the biggest complaints out there about eDiscovery vendors is that once the deal is done, service and support just don’t comport with the sales promises—once you become a customer, you’re just one among many with competing demands.
You should be looking for a relationship-focused provider with appropriate resources. eDiscovery projects can be unpredictable. Can the vendor handle potential complexities? What are the qualifications of the provider’s professionals? Is there a dedicated project manager that will be a primary point of contact? Is there a documented project management structure, with a resource listing showing expertise and certifications? Is there 24×7 support if you should need it? Can professional and physical resources be scaled to address a change in data volume?
Other important considerations: does the vendor offer an array of diversified services? If so, this could divert resources and attention away from the services you’re contracting. Are they a product of a recent acquisition? If so, integrated practices and protocols may not have thoroughly jelled, resulting in a bumpier ride for new and existing clients. Also make sure to consider any activities that might be outsourced and to whom; it may turn out to be a different group of people you’ll be relying on for certain services. Who is responsible (or liable) for outsourced activities? Make sure the roles, relationships and responsibilities among you, the vendor and the outsourced part(ies) are clearly laid out.
A personal relationship with those who are doing the work can make all the difference. Know who they are. Meet them if possible, and go with your gut. Are these professionals who are attentive to your concerns? Will they be proactively communicating with you or waiting for you to call them? Have they thoughtfully answered your questions so far? Luckily, the eDiscovery world is contained enough for reputations to make their way around; don’t hesitate to seek feedback from your peers or other sources.
2. What kind of information and metrics will you provide so that I’m always in the know and can make sure costs are under control?
Translation: How will I know that I’m getting the value I expect before it’s too late to do anything about it?
With all of the moving parts that can comprise an eDiscovery project, one wrong move can drive the project (and the costs) off the rails. Every eDiscovery vendor should have in place quality assurance procedures that document workflow events as well as metrics to measure and demonstrate performance quality. Make sure you know and understand what those metrics are, how they are calculated and how (and how regularly) they will be communicated to you. If technology-assisted review is part of the picture, metrics play an especially critical role as they may be requested by the opposition or the court to substantiate the validity of the process that was used.
eDiscovery project metrics can be complex enough to challenge even the most knowledgeable, so if you’re not sure what they mean, ask for a better explanation or get assistance from someone who knows more than you do. The last thing you want are surprises, and reliable metrics provided in a timely manner are the best way to avoid them.
3. How do I know our data will be safe with you?
Ah, the question of our times. Corporations are going to greater and greater lengths to protect against potential hazards, but we often fail to consider that those with ill intent know that corporate data leaves the premises in litigation and can thus be vulnerable elsewhere. (If your vendor lists you on their website, they may even know where.)
It behooves you to have a full description and see corroborating evidence of the systems and protocols the vendor has in place to screen personnel, protect the physical data site, secure hardware and software systems, and provide backup and disaster recovery. It is not uncommon these days for full security questionnaires to accompany vendor RFI’s or RFP’s.
The truth is that in today’s world all data is at risk. But there are ways to mitigate that risk, and the security measures in place to protect corporate data with a vendor should be just as robust as they are behind the company’s firewall – there’s no excuse for anything less. Responsibility, liability and remediation for a breach should be at the top of the list of concerns and spelled out to the fullest extent possible in any contractual agreement. No entity holding data is invulnerable. But there should be no skimping on the due diligence required to confirm that your data is as least as safe with your vendor as it is with you.
Explore H5’s eDiscovery services and learn more about how we address these concerns.
For a rigorous consideration of the selection of eDiscovery providers, check out the following resource:
The Sedona Conference, Guidance for the Selection of Electronic Discovery Providers, 18 Sedona conf.J._ (forthcoming 2017), accessible through the following link on the Sedona Conference® website: https://thesedonaconference.org/download-pub/5194.