CISSP Exam - Question 104

An organization often requires information governance during a lawsuit or some other consequence of noncompliance. On such occasions, compliance teams must go through potentially millions of pages of documents -- and possibly even more rows of data -- in pursuit of information that has been requested for legal purposes. This process, also called electronic discovery (e-discovery), is daunting even when things are at their most orderly. It can become a nightmare if the organization's information is not well ordered and readily discoverable. https://www.techtarget.com/searchcio/definition/information-governance

A. https://www.ironmountain.com/resources/general-articles/w/who-really-owns-your-information-governance-program Every IG program needs a Jeter—a senior executive who typically works in the legal, IT, compliance or risk management department. Player #1: The Legal Eagle. Your legal team's IG role is to determine your firm's ongoing profile based on (among other factors):

A. Legal. The legal department is ultimately responsible for information governance related to e-mail and other electronic records within an organization. This responsibility includes establishing policies, procedures, and guidelines for the proper management, retention, and disposal of electronic records in compliance with applicable laws, regulations, and industry standards. The legal department ensures that the organization maintains legal and regulatory compliance regarding e-records, including e-mail communications. They also handle any legal matters related to e-records, such as e-discovery requests or litigation involving electronic evidence.

Vote for C

I have never worked somewhere with a "compliance" department

They are authorized to do e-discovery and also work on regulatory compliance.

Answer A) Legal While data governance focuses mostly on the technical aspects of data handling, information governance takes a broader approach by incorporating legal, regulatory, and strategic considerations. https://www.epiqglobal.com/en-us/resource-center/articles/data-governance-vs-information-governance#:~:text=While%20data%20governance%20focuses%20mostly,information%20as%20a%20valuable%20asset.

Information governance helps with legal compliance, operational transparency, and reducing expenditures associated with legal discovery.

OSG p912 - In legal proceedings, each side has a duty to preserve evidence related to the case and, through the discovery process, share information with their adversary in the proceedings. This discovery process applies to both paper records and electronic records, and the electronic discovery (or eDiscovery) process facilitates the processing of electronic information for disclosure. The Electronic Discovery Reference Model (EDRM) describes a standard process for conducting eDiscovery with nine aspects: 1. Information Governance - Ensures that information is well organized for future eDiscovery efforts.

None of them is ultimately responsible How can legal, security, compliance working on 2nd line of defence being held ultimately responsible? Especially legal and compliance. Who operationally maintains and works on these e-file then who are ultimately accountable.

In theory it my be Legal but in reality this department does not get involve For information governance for email or e-records unless or until there’s a litigation situation. In reality it is the compliance team that is responsible for to be compliant in these. For the sake of CISSP the answer could be Legal as many said but a confirmed answer needed to be sure.