During sensitive, expensive discovery, nothing is more critical than the security of your electronically stored information (ESI). You can have impeccable records, defensible collection practices, and the best intentions, but an unexpected server problem such as a building fire, electrical surge, or security breach could result in the loss, corruption or inadvertent exposure of your data. Not only could you suffer sanctions from the court for failing to safeguard discoverable ESI, but you could also potentially lose information relevant to your casework.
While many law firms and organizations look to ISO standards (such as 27001), one of the most widely-accepted certification for supporting information and physical and business continuity, there’s another security standard that is lesser known, but equally important. The Uptime Institute, a security think tank, classifies data centers into four tiers. These tiers range from the least secure Tier 1, in which none of the components are redundant, to Tier 4, in which all systems have complete backups in case of failure.
For those lawyers who are more technically minded, what exactly do data centers and the tier system do to protect your ESI? In a Tier 3+ system , which may be as energy-intensive as a small city, all power supplies are fully redundant, using batteries or generators with an automatic switchover capacity to ensure that an outage will not affect your data storage or accessibility. These data centers also provide full environmental controls: HVAC systems to dissipate the tremendous heat generated by racks of data servers, humidifiers to prevent static electricity, and fire detection and suppression systems to prevent catastrophic losses.
Communications connections within a data center are also redundant, so that a problem with one network will not limit your access to data. In a Tier 3+ center, availability is expected to be at least 99.982%. In other words, compared to a Tier 1 system that may be offline for 28.8 hours per year, a Tier 3+ system cannot exceed 94.6 minutes of down time per year. Data security is ensured physically through employee screening, limited access including biometric screening, and visitor controls. Virtual security via encryption, firewalls, and intrusion detection systems further protect your ESI from loss or corruption.
Securing data is one of the most critical challenges facing legal, IT and security teams. Not only do users want to be able to ensure that their data is secure in a data center, but that they can access information at any time.