I D C ' s W o r l d w i d e L e g a l D i s c o v e r y I n f r a s t r u c t u r e T a x o n o m y,

I N D U S T R Y D E V E L O P M E N T S A N D M O D E L S

I D C ' s W o r l d w i d e L e g a l D i s c o v e r y I n f r a s t r u c t u r e

T a x o n o m y , 2 0 0 9

Vivian Tero

I D C O P I N I O N

This IDC study provides an overview of IDC's legal discovery infrastructure competitive market segment. This document provides an overview of the research methodology, definitions, and segmentation of the legal discovery infrastructure competitive market to help clients understand how the program sizes and forecasts the opportunity for players within this market. Key details to note are:

 Competitive markets are defined as combinations of whole or fractions of functional markets (hardware, software, and services) that reflect such market dynamics as the problem being solved or the technology on which it is based.  The legal discovery infrastructure competitive market is a vertical slice of the

broader compliance infrastructure competitive market, which can be segmented into two distinct but overlapping competitive segments — information management governance, risk, and compliance (GRC) and IT operations GRC. Legal discovery is embedded in the information management GRC category.  The market for legal discovery therefore includes the use of information

technology to manage both physical and electronically generated information and records, taking into account the unique requirements of the access, retention, and integrity of electronically generated information.

 Technology solutions are employed by corporate litigants to document and manage the electronic discovery (ediscovery) business protocols, manage the disposition and retention of potentially relevant electronically stored information (ESI) in a legally defensible manner, contain information mismanagement risks, and provide the corporate litigants and legal counsels with the information they require to craft and execute their legal strategy.

 Managing ESI for legal discovery also impacts the corporation's disaster recovery, business continuity, acceptable use and communications, and data privacy objectives. Legal discovery requirements therefore influence spending on storage services, IT infrastructure services, security services, and hardware.  IDC's worldwide legal discovery infrastructure research does not include the

solutions and technologies that enable the presentation phase of the electronic discovery reference model (EDRM).

I N T H I S S T U D Y

This IDC study provides an overview of IDC's legal discovery infrastructure market research taxonomy. Legal discovery infrastructure is a competitive market and a segment of the information management GRC competitive market. Information management GRC is a component of the broader compliance infrastructure competitive market. (For more information on this, see IDC's Worldwide Compliance

Infrastructure Taxonomy, 2009, IDC #217572, March 2009.) The IDC legal discovery

infrastructure taxonomy document provides an overview of the research methodology, definitions, and segmentation to help clients understand how the program sizes and forecasts the opportunity for players within this market.

S I T U A T I O N O V E R V I E W

G o v e r n a n c e , R i s k M a n a g e m e n t , a n d

C o m p l i a n c e a n d t h e C o m p l i a n c e

I n f r a s t r u c t u r e C o m p e t i t i v e M a r k e t

Compliance

Regulations are, by their very nature, descriptive. IT compliance interprets these regulations into a set of policies, identifies the associated storage and computing assets that are impacted by these policies, and defines the appropriate controls and control objectives. IT compliance therefore formalizes the content, framework (such as CobiT), and associated activities that corporations would adopt based on their interpretation of the law, regulation, and corporate policies. IT compliance includes the corporation's information management and storage infrastructure, acceptable use, data privacy, application availability and performance, and information security policies. The controls and control objectives allow the company to define its baseline (or desired state) by which ongoing IT compliance operations will be measured.

Risk Management

Risk management provides a disciplined approach to managing uncertainty by identifying potential risks, defining the organization's tolerance or appetite for risks relative to the benefits and the cost of mitigating such risks, assigning probabilities of the occurrence of risks, developing strategies to manage risk, and prioritizing assets and resources accordingly. Corporations typically classify their risk management efforts into the following broad categories that are oftentimes intertwined: operational risk, legal and compliance risk, financial risk, strategic risk, geopolitical risk, and environmental risk. IT compliance primarily centers on addressing legal and regulatory risks, although it may also include elements of strategic and operational risks. IT risk management enforces a structure that enables IT organizations to manage uncertainty in the IT environment such as application outages, the creation of new vulnerabilities resulting from unplanned changes, and violations of the firm's information management and retention policies. IT risk management goes beyond the IT security discipline (although this will continue to be a major component) to include the firm's IT operations, applications development, and information and storage

management practices. The ability to encapsulate the linkages between a potential material event and its risk profile, the affected information, and storage assets and computing resources, as well as the overlapping and compensating controls, is best achieved through automation. Automation enforces consistency in the enforcement, auditing, and reporting of policies and risk mitigation efforts.

Governance

According to the IT Governance Institute, IT governance consists of the leadership, organizational structures, and processes that allow an IT organization to sustain and extend a firm's strategies and objectives. IT governance and the effective application of an IT governance framework are critical in helping enterprises gain more value from information and information technology while ensuring that IT remains aligned with the enterprise strategy, values, and culture. Effective IT governance formalizes IT oversight and accountability. It facilitates resource allocation and decision making and enhances communication and performance between business units and IT and across IT functional silos. IT governance also facilitates compliance and audits by documenting processes, controls, and decision authority.

Compliance Infrastructure

Governance, risk management, and compliance disciplines are inexorably intertwined. The solutions that organizations employ to enforce operational and financial management accountability and facilitate the allocation of people, processes, and IT assets, while enforcing their information management, resiliency, availability, and security objectives, make up the compliance infrastructure competitive market. IDC considers compliance infrastructure as a competitive market, which IDC defines as combinations of whole or fractions of functional markets (hardware, software, and services) that reflect such market dynamics as the problem being solved or the technology on which it is based. A functional market is defined in terms of the features, functions, and attributes of the technology, rather than the usage or problem being solved. Competitive markets are typically more ad hoc because they are meant to reflect current market approaches, coalitions, standards, and software architectures. Some competitive markets have been modeled to address a broad solution market category. Others, for example, define a market view particular to an architecture.

IDC utilizes prior IDC research into the system and network management software, security, storage, collaborative applications, and content applications secondary software markets spending, as well as the associated services and hardware required to deliver the solution, as the baseline for this analysis.

IDC's information technology taxonomy represents a collectively exhaustive and mutually exclusive view of the worldwide information technology marketplace. This taxonomy is the basis for the relational multidimensional schema of IDC's IT

Spending Black Book and Market Forecaster research database. The information

from these continually updated databases is used to generate consistent market sizing and forecasts.

C o m p l i a n c e I n f r a s t r u c t u r e T e c h n o l o g y P i l l a r s

The compliance infrastructure competitive market is made up of the infrastructure technology pillars described in the sections that follow.

IT Policies and Controls Management

These solutions support the policies' documentation and the mapping of regulatory, legal, and IT operations and risk management policies to the relevant applications, databases, systems, and business and systems custodians. Critical capabilities include the ability to encapsulate the control metrics and the associated risks profiles and tolerance levels, provide workflows that automate the risks assessment process, and support the mapping of IT policies to the "custodian" of the business process and IT assets, as well as enable the capture of the custodians' attestation of their responsibilities and activities related to the IT compliance requirements.

IT Policy Execution

At a high level, solutions in this area facilitate the secure use and sharing of business information within and across the enterprise; support the movement of information across the enterprise records and information infrastructure; ensure the availability and integrity of the information; enable enterprises to better manage changes in their IT environment; ensure agreed-upon SLAs and continuous services and the availability of the IT processes; and address IT operations security, including perimeter and network security, controlled access, and acceptable use. The solutions in this area are therefore made up of existing records management, information infrastructure, IT operations, availability, and security applications.

Controls Testing, Monitoring, Remediation, and Reporting

Solutions in information management, storage, security, and system and network management have native capabilities to test, monitor, audit, remediate, and report compliance or noncompliance to policies. Governance, risk management, and compliance objectives require IT operations, audit, and risk professionals to make sense of activities log across a myriad of applications and systems. Integrated compliance monitoring, audit, remediation, and reporting solutions focus on automating the workflows that facilitate these activities across diverse applications and systems, relative to the key risks metrics and control objectives defined in the IT Policies and Controls Management section.

C o m p l i a n c e I n f r a s t r u c t u r e

C o m p e t i t i v e S e g m e n t s

Compliance infrastructure technologies enable an organization to demonstrate a level of control over four key attributes:

 Information integrity  IT process integrity  Controlled access

 Information retention

The spending trends point to two major subcategories within the compliance infrastructure competitive market:

 Information management GRC. Legal discovery, regulatory-mandated information retention, and data privacy are the primary motivators for investments in information management GRC. Corporate activities are primarily focused on the retention and disposition of data. Corporations are also looking to automate information management processes and demonstrate the consistent enforcement of their retention, disposition, preservation, and acceptable use policies.

 IT operations governance, risk management, and compliance (IT Ops GRC). Activities and investments focus primarily on ensuring the process integrity, security, and resiliency of the IT environment.

Information management GRC focuses primarily on the information management and storage infrastructure operations, while IT operations GRC centers on technical process integrity on the computing resources layer of the IT stack. The technical processes for demonstrating controlled access and information integrity are the primary areas of overlaps across the information management GRC and IT operations GRC segments.

Figure 1 illustrates IDC's view of competitive market structure of the compliance infrastructure competitive market.

F I G U R E 1

I D C ' s C o m p l i a n c e I n f r a s t r u c t u r e C o m p e t i t i v e M a r k e t M o d e l , 2 0 0 9

L e g a l D i s c o v e r y

Legal discovery is defined as the efforts of a party to a lawsuit and its legal counsel to obtain information before trial through demands for production of documents, depositions of parties and potential witnesses, written interrogatories, written requests for admissions of fact, examination of the scene, and petitions and motions employed to enforce discovery rights. The theory behind broad rights of discovery is that all parties will go to trial with as much knowledge as possible and that neither party should be able to keep secrets from the other (except for constitutional protection against self-incrimination).

The explosion in the volume of electronic data generated during the normal course of business and the ability of information technologies to capture and maintain several copies (including different versions of working drafts) of documents underscore the challenges companies face in managing information for electronic discovery. It also highlights why the courts do not equate paper-based discovery with electronic discovery. According to the Sedona Principles, there are many ways in which producing electronic documents is qualitatively and quantitatively different from producing paper-based documents. These differences are defined by a set of broad categories, including volume and duplicability, persistence, changeable content, obsolescence, and dispersion and searchability. The unique characteristics of legal discovery for electronically generated information are particularly obvious during the collection, paring, and review phases.

The Sedona Conference is a nonprofit, 501(c)(3) research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, and intellectual property rights. (For more information on the

Sedona Conference and the Sedona Principles, see

www.thesedonaconference.org.)

Despite critical differences between paper-based and electronic discovery, the underlying legal discovery and litigation support processes are similar, as discussed in subsequent sections.

Litigation involves both paper-based and electronically generated responsive materials. Physical records are eventually scanned into electronic format (through an OCR engine) to enable full-text keyword searches and coded to capture specific and predefined metadata (e.g., author, date, and number of copies). These images are loaded onto a discovery software platform that legal counsel uses to review, collaborate, and manage the evidence.

The market for legal discovery therefore includes the use of information technology to manage both physical and electronically generated information and records, taking into account the unique requirements on the access, retention, and integrity of electronically generated information.

T h e L e g a l D i s c o v e r y I n f r a s t r u c t u r e

C o m p e t i t i v e M a r k e t

Legal discovery infrastructure is a segment of the information management GRC market. It focuses on the capture, management, retention, and disposition of data so that business organizations can demonstrate legally defensible records retention, preservation, and collection practices. Technology solutions are employed by corporate litigants to document and manage the ediscovery business protocols, manage the disposition and retention of potentially relevant ESI in a legally defensible manner, contain information mismanagement risks, and provide the corporate litigants and legal counsels with the information they require to craft and execute their legal strategy.

IDC's legal discovery infrastructure taxonomy is based on the electronic discovery reference model shown in Figure 2 (for more information on this, see

www.edrm.net). EDRM was made available to the public domain since May 2006

and is intended to provide a common, flexible, and extensible framework for the development, selection, evaluation, and use of electronic discovery products and services. IDC's worldwide legal discovery infrastructure research does not include the solutions and technologies that enable the presentation phase.

F I G U R E 2

E l e c t r o n i c D i s c o v e r y R e f e r e n c e M o d e l

Source: EDRM.net, 2009

The legal discovery process chain involves the critical activities discussed in the sections that follow.

Information Management

IDC research sized the digital universe at 281 billion gigabytes as of 2007 and close to 487 billion gigabytes in 2008. The 2009 Digital Universe Study forecasts that the size of the digital universe will double every 18 months. The explosion of digital cameras, televisions, surveillance, sensor-based applications (such as GPS), datacenters supporting cloud computing, and social networks account for this projected growth. The study concludes that the amount of information that are "compliance intensive" will grow from 25% of the digital universe in 2008 to 35% of the digital universe in 2012. Corporations have the obligation to define and consistently enforce legally defensible protocols for the capture, retention, management, and disposition of compliance-intensive data. IDC also forecasts "security intensive" data will grow from 35% of the total information created today to roughly 45% of the digital universe by the end of 2012. Many organizations — particularly large enterprises — have information and storage infrastructures that are complex and highly distributed. Corporations, many of which go through mergers, acquisitions, and divestitures, have multiple layers of technology silos. IDC research in the past three years also concludes that many organizations continue to have immature corporate information management and litigation preparation readiness programs. Add to these factors today's economic climate, which translates into tight corporate budgets. There is a lot of ambiguity on the timing between the time a "duty to preserve" exists and the date when the suit is filed. For example, in Philip M.

Adams & Associates LLC v. Dell Inc. (2009 WL910801), ASUS (Taiwanese computer

board manufacturers involved in a patent infringement case) was sanctioned by the courts for spoliation for failure to implement a litigation hold and preserve email in 1999, eight years before the actual suit was filed.

The volume of potentially relevant ESI could balloon between the time when a duty to preserve exists and the actual date when the suit is filed. The fear of court sanctions from spoliation combined with the lack of visibility into the universe of ESI is driving many legal counsels to err on the side of overpreservation. Once a suit is filed, corporate litigants and their legal counsel have from 100 to 120 days to determine the exposure, gauge the merits of the suit, conduct the "meet and confer," and present a discovery schedule to the courts. The activities and negotiations can be very daunting and fraught with risk and uncertainty if the corporate litigant does not have sound protocols for information management and ESI preservation and collection. A corporation's information management practice functions as one of its first line of defense during a litigation event. The key activities include:

 Creating file plans and documenting policies for the identification, classification, definition, disposition, and destruction of records and nonrecords (duplicates, convenience copies, version control) of both physical and electronically stored information

 Developing and documenting policies and practices for scheduled deletion/destruction on nonrecords

 Developing and documenting policies and practices for suspending routine destruction practices when a duty to preserve arises

 Developing and documenting policies and practices for terminating the suspension of routine destruction programs (i.e., releasing the hold)

 Collaborating with storage and IT operations team to develop storage plans  Enabling federated retention management across multiple content repositories  Collaborating with information security team to align classification scheme and

corporate records taxonomies with information security classification schema, and developing acceptable use and communications policies and technical procedures

 Developing an ediscovery response plan and identifying core response team  Developing, communicating, training, and reinforcing the corporate retention

program

 Documenting protocols for handling exceptions and localization requirements relative to the corporate global information retention guidelines

Identification, Preservation, and Collection

These activities can be done by the corporations within their datacenters and corporate networks or in conjunction with professional service partners and managed service partners, or a combination of both internal and partner-led solutions. Increasingly, serial-litigant companies are investing to build repeatable business processes and technical capabilities for managing electronically stored information during these phases.

I d e n t i f i c a t i o n

EDRM refers to identification as the process of learning the location of all data that the litigant may have a duty to preserve and potentially disclose in a pending or prospective legal proceeding. The process involves identifying the relevant custodians and creating an information map with the location of potentially responsive material across the entire information infrastructure, including files residing in network file shares, removable hard drives, employee laptops and desktops, and even information stored offsite. The activities in the identification phase are useful in determining the scope of the legal discovery and prepare the producing party to prepare for the meet and confer and eventual discovery conference. Key activities during the identification phase include:

 Determine the breadth, scope, and depth of ESI that might be pursued during a potential discovery.

 Conduct internal investigation.

 Develop and document guidelines on key activities/checklist once a duty to preserve is determined by legal counsel.

 Document the legal holds creation and notification process, define the workflows for tracking the corporations' legal holds notification and management process,

send alerts when action is required, and create and manage the legal hold termination process.

P r e s e r v a t i o n

Preservation refers to the actions an organization performs when its legal counsel has

determined that a duty to preserve exists. Once the litigant and its legal counsel have determined the potentially responsive materials and their associated owners or custodians, the first step in the collection process is to preserve the data. The resulting file is referred to as the corpus. The protracted timeline between the events that triggered a duty to preserve potential evidence and the actual date when a lawsuit is filed in court means that massive volumes of potentially responsive data can accumulate in the interim. This situation is further exacerbated by the need to preserve potentially responsive information in multiple global locations, platforms, and formats. Preservation can be particularly taxing for storage and IT operations budgets. Legal counsels and legal technology operations could also face management issues from multiple and multijurisdictional litigation holds. Overpreservation of potentially relevant ESI can lead to overcollection and result in bloated attorney review costs. Litigants and their legal counsel have to balance the need for better precision and efficiency in the entire legal discovery process with the need to reach the "optimal" size for the corpus. Readers should note that the intent of the producing party is to reduce the size of the corpus at each phase of the discovery. During this phase, it is important that legal counsel understands the client's protocols for managing data for legal preservation. It is also important for the corporate litigant to ensure that its IT functions are aware of the chain-of-custody implications of their data management practices for handling ESI. Key activities during the preservation phase include:

 Ensure potentially relevant ESI is protected from destruction and alternation once legal counsel has determined a duty to preserve.

 Conduct initial investigations to get better visibility into the merits of the matter and narrow the scope of the preservation.

 Start preparation of case data and analysis for the meet and confer.

 Create and manage a centralized repository for custodian responses and status reports as well as the policy creation and administration related to records retention and legal hold.

 Capture and manage potentially responsive ESI for preservation, collection, paring, review, and production.

 Facilitate the protocols for the search of potentially responsive ESI across multiple repositories.

C o l l e c t i o n

The collection phase is performed by the corporation on ESI, which has been marked as potentially responsive in the identification phase and preserved and is intended to be reviewed before production to opposing parties. Litigants are required to ensure that the information is collected in a manner that is comprehensive, maintains its

content integrity, and preserves its form. In many instances, metadata may also need to be collected and maintained to demonstrate chain of custody. The courts and litigants also presume that responsive evidence can be produced and reviewed in native file format. Key activities in the collection phase include:

 Develop legally defensible processes and activities for gathering potentially responsive ESI, upon an order/request to produce.

 Create a forensic duplicate of potentially relevant/responsive data to prevent loss and establish a full chain of custody.

 Computer forensics (which involves the restoration of tapes; files; and encrypted, compressed, and password-protected data) may be invoked to locate and collect lost and deleted electronically stored information.

 The collection of physical records would have litigants collecting the documents from their storage site (e.g., cabinet files and offsite storage in microfiche/paper-based formats) and making copies or scanning the relevant documents to Tagged Image File Format (TIFF), a widely supported file format for storing bitmapped images on personal computers. Consistency, having the ability to make forensically sound copies, and maintaining chain of custody are critical to the preservation and collection process.

Processing, Review, and Analysis P r o c e s s i n g

Depending on the business process domain knowledge of the corporation and on its technical capabilities, paring and processing of the postcollection ESI can be done internally or by a service provider partner (an ediscovery service firm or external counsel). Domain knowledge on the impact of the technology processing on the ESI chain of custody is critical.

The decision on where and who manages the ESI and the review and production application is influenced by the domain and technical capabilities of the corporate litigant, the volume and type of ESI that needs to be processed, the complexity and type of the legal matter, and the number of legal teams involved in the case. Key processing activities include:

 Develop tape restoration and file and document extraction.

 Because of the persistent nature of digital data, exact duplicates of files can exist in several locations. For example, exact copies of an email attachment can be found in the inboxes of everyone on that particular email thread's distribution list. The cost of having attorneys review the same attachment several times over can easily balloon. Deduplication identifies and segregates files that are exact duplicates and offers potential savings by significantly reducing the volume of ESI for document review. Deduplication can be applied globally (the entire collection set) or by custodian, depending on the file type and the circumstances of the legal matter. Deduplication protocols are typically discussed by opposing parties during the meet and confer. Deduplication technologies employ metadata

and hashing algorithms (MD5 hash, SHA-1, or SHA-180) to create a unique digital fingerprint of each file, while still ensuring chain of custody. It is important to note that deduplication technologies are not similar to near-duplication technologies. Near-duplication technologies are typically employed in the latter stages of processing and analysis to identify and compare similar but not exact duplicates (such as different versions of a draft or email threads).

 Identify and programmatically segregate time frames, file extensions, file types, and system files, which are deemed as not relevant to the matter.

 Leverage text analytics and storage technologies to eliminate nonresponsive, duplicate, and irrelevant data. Documentation of key processes is critical to ensure that chain of custody is not broken.

 Early case assessment (ECA) applications are increasingly employed by corporations and their counsel to enable legal counsel to have better visibility into the narrative, topics, and issues. These ECA tools also help legal counsels identify key players and social relationships across witnesses and get a better understanding of the narrative and merits of the case — valuable information for shaping their legal strategy. In some instances, legal counsels employ the ECA tools to determine the keywords they would negotiate on with opposing party during the meet and confer. ECA tools are also employed by counsel to develop its document review assignment strategies. In addition to Boolean and keyword-based searches, ECA tools typically provide concept search, clustering, visualization, and bulk-tagging capabilities.

 Prepare the corpus for review by converting to TIFF/PDF and load to document repository (which is typically based on a content management platform).

 Convert ESI to more readily usable formats, although support for native file review is increasingly becoming more popular.

R e v i e w a n d A n a l y s i s

Anecdotal data suggests that serial litigants are looking to rationalize both the number of outside law firms and litigation support service providers. Some serial litigants are also exploring ways to build up their in-house review capabilities. Several are testing pilots of different review applications while still employing the services of outside litigation support service providers for larger, more complex matters. The decision on the IT architecture (where and who) for managing the ESI during review and analysis is a function of the litigation profile of the company, the complexity and type of litigation, the maturity of the corporation's in-house ediscovery capabilities, the volume and type of ESI that needs to be reviewed, and the number of legal teams involved in the case. Depending on these aforementioned attributes, a corporation may choose to conduct the first-level review (relevance review) internally, or it may choose to use a litigation support service provider. In matters where subsequent levels of review (for privilege, language, etc.) are required, the ability of the review application to support the associated workflows is critical. Disjointed workflows can incur additional costs from having to transfer content to other tools to facilitate key activities (Bates numbering, creating TIFFs for redaction, etc.). Key activities include:

 Legal team conducts the second phase of review — reviewing documents for privilege and relevance, and redacting privileged, confidential info.

 Legal team evaluates ESI to determine such information as key topics, important people, specific vocabulary and jargon, and important individual documents.  Legal team negotiates with opposing counsel on the form of production (native,

TIFF, etc.) and delivery media (CD, FTP site, etc.) and, upon agreement, transfers production set to appropriate media.

 Legal technology operations work on the configuration of the ESI and related data for loading into specific software packages (for analysis by opposing party).



Producing party (the corporate litigant) would facilitate secure delivery of production set to the relevant parties (opposing counsel, partner firms, outside counsel, and government agencies).

Production

In this phase, the final set of responsive materials is produced in the appropriate media and delivered to the relevant parties (such as a regulatory agency for audits, opposing parties' legal counsel, partner firms, and outside legal counsel) for outside review.

Rule 26(f) of the 2006 amendments to the Federal Rules of Civil Procedure for eDiscovery requires opposing parties to negotiate and agree on the format of production early on in the case. The agreements entered into by both parties on the production of ESI during the meet and confer impact the litigants' review strategy, project management, and the choice of ECA tools and document review and production platform applications. As mentioned in the prior section, applications that support an integrated workflow throughout review, analysis, and production can provide processing costs savings.

Increasingly, there is a preference among requesting parties that the producing parties support both TIFF-based and native file production. Litigation support vendors continue to invest in their datacenter infrastructure and deliver more flexible review platforms.

Digital rights management and encryption technologies are also being utilized in the production phase to expire the ESI (after the matter is closed). The use of these content security applications ensures that the litigant's records management and information retention practices will continue to be enforced, even when a file goes outside the control of its datacenter infrastructure.

When ESI is identified as responsive in multiple matters, corporations and service providers invest in functionalities that would facilitate the secure reuse of work products (when appropriate).

T h e L e g a l D i s c o v e r y I n f r a s t r u c t u r e

T a x o n o m y , 2 0 0 9

As shown in Figure 3, the process for legal discovery is not accomplished by one functional application. The complex and distributed nature of most companies' information management and storage infrastructure makes it challenging to rely on one particular application and service alone. Archiving, search and discovery, forensics/incident management, records management, and content management are core applications to managing the ESI and documenting the workflows throughout the litigation life cycle. Managing ESI for legal discovery also impacts the corporation's disaster recovery, business continuity, acceptable use and communications, and data privacy objectives. Legal discovery requirements therefore influence spending on storage and security services and hardware. All of these components define the legal discovery infrastructure competitive market.

Table 1 illustrates the hardware, software, and services functional market components that make up the legal discovery infrastructure competitive market.

F I G U R E 3

I D C ' s L e g a l D i s c o v e r y I n f r a s t r u c t u r e T a x o n o m y , 2 0 0 9

T A B L E 1

I D C ' s L e g a l D i s c o v e r y I n f r a s t r u c t u r e T a x o n o m y , 2 0 0 9 Legal Discovery and Litigation Support

Value Chain Product Groups Functional Markets and Services Comments

Information management Software Content management (including records management and BPM workflow automation) Software Archiving and HSM (email, file, SharePoint,

voice, video, and SAP) Software Database archiving

Software Imaging/document management Software Data loss prevention (DLP), content and

messaging security Software File system software Software Collaborative technologies

(SharePoint/Notes)

Software Search and discovery (including search, classification, and indexing)

Services Records retention consulting services (including data discovery and classification) Services Technology escrow

Services Archiving services

Services Physical records management services Services Litigation readiness consulting Services Content migration services

Identification, preservation, and collection Software Data loss prevention, content and messaging security

Software OCR/document conversion Software Network visualization Software Forensic software

Software Security incident and event management software

Software Search and discovery (including search, classification, and indexing)

Software Content management (including records management and BPM workflow automation) Software Archiving and HSM (email, file, SharePoint,

T A B L E 1

I D C ' s L e g a l D i s c o v e r y I n f r a s t r u c t u r e T a x o n o m y , 2 0 0 9 Legal Discovery and Litigation Support

Value Chain Product Groups Functional Markets and Services Comments

Software Database archiving

Software Imaging/document management Software File system software

Services Scanning/copying services

Services Litigation response IT consulting services (including audit, ESI data mapping, and ediscovery IT infrastructure architecture) Services Discovery response planning

Services Meet-and-confer consulting Services Computer forensics Services Bulk data culling

Services Data extraction/tape restoration/content migration services

Services Tape cataloging services Processing, review, and analysis Software Document conversion software

Software Search and discovery (legal review

applications, advanced search and discovery technologies)

Software Content management

Software Content management (including records management and BPM workflow automation) Software Forensic software

Services TIFF conversion

Services Hosted litigation support services Services Project management

Production Software Document conversion software

Software Imaging applications Software Encryption

Software Digital rights management

Services Blowback/copy (print)/TIFF production Services Hosting (production data)

T A B L E 1

I D C ' s L e g a l D i s c o v e r y I n f r a s t r u c t u r e T a x o n o m y , 2 0 0 9 Legal Discovery and Litigation Support

Value Chain Product Groups Functional Markets and Services Comments

Services Project management Services Quality assurance

Services Chain of custody reporting and expert testimony

Horizontal applications and technologies (deployed throughout the entire value chain)

Core infrastructure applications, services, and hardware (to support availability, data integrity, and resiliency of data throughout the EDRM life cycle)

Software Data protection and recovery software

Software Storage device management software Software Storage infrastructure software Software Storage management software Software Storage replication software Software Case management software Software Project management software Software Vendor management apps software Software Data integration and access software Software Enterprise portals software

Software Identity and access management (IAM) software

Software Encryption software

Software File system software New

Software RDBMS New

Software Nonrelational DBMS New

Services IT security infrastructure services New Services Legal discovery project management

services

Services eDiscovery and litigation support services

T A B L E 1

I D C ' s L e g a l D i s c o v e r y I n f r a s t r u c t u r e T a x o n o m y , 2 0 0 9 Legal Discovery and Litigation Support

Value Chain Product Groups Functional Markets and Services Comments

Services IT infrastructure services New

Hardware Security appliance (content filtering, hardware-based encryption) Hardware Storage (HDD)

Hardware Storage systems Hardware Tape drive Hardware Tape automation Source: IDC, 2009

F U T U R E O U T L O O K

The IDC legal discovery infrastructure competitive market taxonomy is updated annually to reflect the changes in the dynamics and use cases. Corporations are taking steps to:

 Develop repeatable processes for managing communications and workflows for responding to a litigation hold

 Develop repeatable technical protocols for managing ESI to fulfill their legal hold obligations

 Employ corporate investments in content management, search and discovery, and archiving solutions to support the technical processes for the information management, identification, preservation, and collection phases of legal discovery

Also, emerging technologies and service delivery models continue to disrupt the services segment, resulting in upward adjustments to the ediscovery services, as well as the contribution from the IT storage, IT security, and IT infrastructure services segment.

Corporate retention and preservation efforts impacted the corporation's business continuity, disaster recovery, and data privacy requirements. These requirements were not originally incorporated in the prior period's competitive market models. As a result of the changes in the assumption, the revenue contribution from storage services and security services was included in the updated taxonomy and competitive market models.

E S S E N T I A L G U I D A N C E

The 2009 IDC legal discovery infrastructure taxonomy should be used by readers as a guide to understanding how IDC approaches the legal discovery infrastructure competitive market, including the market size, forecasts, and competitive analysis studies. This document should be read in conjunction with the following documents:  Worldwide Compliance Infrastructure 2009–2013 Forecast (forthcoming)

 Worldwide Legal Discovery Infrastructure 2009–2013 Forecast (IDC #218259, May 2009)

 IDC's Worldwide Compliance Infrastructure Taxonomy, 2009 (IDC #217572, March 2009)

L E A R N M O R E

R e l a t e d R e s e a r c h

 Worldwide Legal Discovery Infrastructure 2009–2013 Forecast (IDC #218259, May 2009)

 IDC's Worldwide Compliance Infrastructure Taxonomy, 2009 (IDC #217572, March 2009)

 IDC's Worldwide Legal Discovery and Litigation Support Infrastructure

Taxonomy, 2007 (IDC #207162, June 2007)

S y n o p s i s

This IDC study provides an overview of the research methodology, definitions, and segmentation of the legal discovery infrastructure competitive market.

"IDC renamed the legal discovery and litigation support infrastructure market to the legal discovery infrastructure market. Spending in legal discovery infrastructure solutions can be grouped into the following categories: litigation hold automation and life-cycle management; ESI management for investigation, identification, preservation, and collection; postcollection processing and analysis (including early case assessment); and document review and production. Vendors need to be able to support a flexible architecture for managing ESI for pre- and postcollection ediscovery activities," says Vivian Tero, program manager, Compliance Infrastructure, IDC.

C o p y r i g h t N o t i c e

This IDC research document was published as part of an IDC continuous intelligence service, providing written research, analyst interactions, telebriefings, and conferences. Visit www.idc.com to learn more about IDC subscription and consulting services. To view a list of IDC offices worldwide, visit www.idc.com/offices. Please contact the IDC Hotline at 800.343.4952, ext. 7988 (or +1.508.988.7988) or sales@idc.com for information on applying the price of this document toward the purchase of an IDC service or for information on additional copies or Web rights. Copyright 2009 IDC. Reproduction is forbidden unless authorized. All rights reserved.