OPEN DATA CENTER ALLIANCE SM USAGE MODEL: E-DISCOVERY AND FORENSICS

Version  Date         Editor       Description of Change
1.0      27 Aug 2014  Security WG  Initial release

Contributors
Christophe Gévaudan, UBS
Tino Hirschmann, T-Systems, Deutsche Telekom Group
Ian Lamont, BMW
Manjunath Mahabhaleshwar, Intel IT

CONTENTS
Contributors
Executive Summary
Purpose
Usage Scenario: e-discovery data copy for SaaS
Usage Scenario: Supply of Log Data for Forensics
RFP Requirements
Summary of Industry Actions Required

Legal Notice

This Open Data Center Alliance SM Usage Model: e-discovery and Forensics document is proprietary to the Open Data Center Alliance (the "Alliance") and/or its successors and assigns.

NOTICE TO USERS WHO ARE NOT OPEN DATA CENTER ALLIANCE PARTICIPANTS: Non-Alliance Participants are only granted the right to review, and make reference to or cite this document. Any such references or citations to this document must give the Alliance full attribution and must acknowledge the Alliance's copyright in this document. The proper copyright notice is as follows: Such users are not permitted to revise, alter, modify, make any derivatives of, or otherwise amend this document in any way without the prior express written permission of the Alliance.

NOTICE TO USERS WHO ARE OPEN DATA CENTER ALLIANCE PARTICIPANTS: Use of this document by Alliance Participants is subject to the Alliance's bylaws and its other policies and procedures.

NOTICE TO USERS GENERALLY: Users of this document should not reference any initial or recommended methodology, metric, requirements, criteria, or other content that may be contained in this document or in any other document distributed by the Alliance ("Initial Models") in any way that implies the user and/or its products or services are in compliance with, or have undergone any testing or certification to demonstrate compliance with, any of these Initial Models. The contents of this document are intended for informational purposes only. Any proposals, recommendations or other content contained in this document, including, without limitation, the scope or content of any methodology, metric, requirements, or other criteria disclosed in this document (collectively, "Criteria"), does not constitute an endorsement or recommendation by Alliance of such Criteria and does not mean that the Alliance will in the future develop any certification or compliance or testing programs to verify any future implementation or compliance with any of the Criteria.

LEGAL DISCLAIMER: THIS DOCUMENT AND THE INFORMATION CONTAINED HEREIN IS PROVIDED ON AN "AS IS" BASIS. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE ALLIANCE (ALONG WITH THE CONTRIBUTORS TO THIS DOCUMENT) HEREBY DISCLAIM ALL REPRESENTATIONS, WARRANTIES AND/OR COVENANTS, EITHER EXPRESS OR IMPLIED, STATUTORY OR AT COMMON LAW, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, VALIDITY, AND/OR NONINFRINGEMENT. THE INFORMATION CONTAINED IN THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY AND THE ALLIANCE MAKES NO REPRESENTATIONS, WARRANTIES AND/OR COVENANTS AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF, OR RELIANCE ON, ANY INFORMATION SET FORTH IN THIS DOCUMENT, OR AS TO THE ACCURACY OR RELIABILITY OF SUCH INFORMATION. EXCEPT AS OTHERWISE EXPRESSLY SET FORTH HEREIN, NOTHING CONTAINED IN THIS DOCUMENT SHALL BE DEEMED AS GRANTING YOU ANY KIND OF LICENSE IN THE DOCUMENT, OR ANY OF ITS CONTENTS, EITHER EXPRESSLY OR IMPLIEDLY, OR TO ANY INTELLECTUAL PROPERTY OWNED OR CONTROLLED BY THE ALLIANCE, INCLUDING, WITHOUT LIMITATION, ANY TRADEMARKS OF THE ALLIANCE.

Open Data Center Alliance, Inc. is NOT a law firm. The information provided or referenced in this Usage Model is not intended, in any way, as legal advice to you. Our publishing of this Usage Model and your review or use of it is NOT intended to create, nor does it create, any attorney-client relationship between Open Data Center Alliance, Inc. and you. We encourage you to seek proper, independent legal advice from an appropriate advisor before making any decisions that might impact your legal duties or rights or might impose any legal liability on you. Any laws/regulations/rules mentioned in this document may not be a complete list of the laws/regulations/rules that impact your circumstances. Also, applicable laws/regulations change frequently, and the application of laws/regulations by courts and government agencies can vary greatly. Thus, all information provided or referenced in this Usage Model is provided to you on an "AS IS" and "AS AVAILABLE" basis. If you rely on any of this information you do so at your own risk and you are totally and solely responsible for the consequences of your actions, including (without limitation) all legal liability and legal consequences.

TRADEMARKS: OPEN CENTER DATA ALLIANCE SM, ODCA SM, and the OPEN DATA CENTER ALLIANCE logo are trade names, trademarks, and/or service marks (collectively "Marks") owned by Open Data Center Alliance, Inc. and all rights are reserved therein. Unauthorized use is strictly prohibited. This document does not grant any user of this document any rights to use any of the ODCA's Marks. All other service marks, trademarks and trade names referenced herein are those of their respective owners.

Executive Summary

The Federal Rules of Civil Procedure (FRCP) and other United States laws, regulations, and court rules often require the preservation and production of certain electronically stored information that is relevant to a particular litigation or other legal proceeding (e-discovery). As corporate information is moved to the cloud, fulfilling these requirements becomes more challenging for enterprises that operate in the USA. In addition to the Federal Rules of Civil Procedure, an organization is likely to be required to meet other compliance requirements that necessitate a process similar to e-discovery.

Beyond the requirements for e-discovery, organizations often need to undertake forensic examination of assets in order to determine the nature of an attack or to pursue internal investigations. This forensic examination of cloud-based data may also be the result of a compliance requirement.

This usage model seeks to define the requirements of cloud subscribers who are addressing e-discovery issues or require forensic access to cloud services.

This document serves a variety of audiences. Solution providers and technology vendors will benefit from its content to better understand customer needs, and tailor service and product offerings. Standards organizations will find the information helpful in defining end-user relevant and open standards.

Purpose

This usage model seeks to define the processes by which cloud providers should deliver the cloud subscribers' requirements in regard to e-discovery and forensics.

Usage Scenario: e-discovery data copy for SaaS

Goals:
In the event of a specific subscriber request, the provider will copy all records associated with the request to a specified medium in a timely manner.

Assumptions:
The subscriber and provider have previously agreed the framework for the data storage. This should form part of the contract.
The SLA for delivery of the output has been previously agreed.

Success Scenario:
A request is sent from the subscriber requesting that data relating to the formal request be stored. The provider formally responds to this request and immediately implements the secure copy of the requested data. The data, complete with all associated metadata, is stored in a secure area with access limited.

Steps:
Step 1: The subscriber sends a formal request identifying the need for data to be stored.
Step 2: A formal acknowledgement of the request is sent from provider to subscriber.
Step 3: The provider implements an internal process which copies defined data to a storage media.
Step 4: Subscriber is advised that copy is complete.

Failure Condition:
The cloud provider fails to deliver the service.

Failure Handling:
The cloud provider and cloud subscriber should meet and organize mitigating measures to ensure that the cloud subscriber can fulfill their legal requirements.

Usage Scenario: Supply of Log Data for Forensics

Goals:
As a result of a formal request, log data is supplied to the subscriber.

Assumptions:
Retention period of logs has been agreed in contract.
The formal request clearly defines the requirement in terms of the data that must be returned and the period over which that data should be captured.
A clear understanding has been reached as to the extent of the log data that will be supplied (for example, the anonymisation of non-subscriber usernames should be considered).

Success Scenario:
A request is sent from the subscriber requesting that specified log data be delivered to the subscriber. The provider formally responds to this request and immediately forwards the requested data to the subscriber.

Steps:
Step 1: The subscriber sends a formal request for log data to be returned to the subscriber.
Step 2: A formal acknowledgement of the request is sent from provider to subscriber.
Step 3: The provider identifies the log data and extracts it from the relevant systems.
Step 4: Log data is sent on a secure media or over a secure connection to the subscriber.

Failure Condition 1:
The cloud provider fails to deliver the service.

Failure Handling 1:
The cloud provider and cloud subscriber should meet and organize mitigating measures to ensure that the cloud subscriber can fulfill their legal requirements.

Failure Condition 2:
The cloud provider returns log data which contains identifiable information of a 3rd party company.

Failure Handling 2:
The cloud subscriber should immediately inform the provider of the data breach and, in cooperation with the provider, destroy the identifiable information. The cloud provider should decide if their normal data breach notification processes should be put into place.

RFP Requirements

Following are requirements that the Alliance suggests should be included in requests for proposal (RFP) to cloud providers to ensure that e-discovery requirements are met.

ODCA e-discovery and Forensics Usage Model: Solution must allow the cloud solution provider to deliver a securitized copy of selective data to permit cloud subscriber compliance with the Federal Rules of Civil Procedure and other applicable laws, regulations, and court orders.
ODCA e-discovery and Forensics Usage Model: Solution must be able to deliver itemized log information regarding use of the service to the subscriber on request.

For further assistance in developing an RFP, please use this online engine: www.opendatacenteralliance.org/ourwork/proposalengineassistant

Summary of Industry Actions Required

In the interest of giving guidance on how to create and deploy solutions that are open, multi-vendor and interoperable, we have identified specific areas where the Alliance suggests there should be open specifications, formal or de facto standards or common intellectual property-free (IP-free) implementations. Where the Alliance has a specific recommendation on the specification, standard or open implementation, it is called out in this usage model. In other cases, we plan to work with the industry to evaluate and recommend specifications in future releases of this document.

The following are industry actions required to refine this usage model:
1. Cloud providers and other interested parties are requested to review their cloud offerings to identify the capability of these services to meet the subscriber requirements in terms of e-discovery and forensic log data copying.
2. Cloud providers are requested to submit compliance declarations and any non-conformances to the Open Data Center Alliance SM Content Evolution Working Group for discussion.