This document is available in three formats: this web page (for browsing content), PDF (comparable to original document formatting), and Word.

Questionnaire on Electronically Stored Information

(March 17, 2011)

I. Definitions and Instructions

  1. "ESI" means electronically stored information as the term is used in the Federal Rules of Civil Procedure.
  2. All responses should include all systems, practices, and procedures used at any time during the period three years prior to the present that may contain potentially responsive information.
  3. All responses should reflect an inquiry into actual employee practices, and not just the organization's policies.
  4. The term "archive" means long-term storage repositories for records, often for purposes of historical reference, and denotes a distinct concept from a "backup," which is created in order to restore data if needed at a later date (e.g., for disaster recovery).

II. Background

Provide:

  1. current organizational charts for your organization's information technology ("IT") unit;
  2. written policies related to document retention and management, along with when the policy was in effect and whether the policy is enforced and by whom;
  3. any existing diagrams of your organization’s IT infrastructure; and
  4. a description of IT functions performed by outside contractors.

III. Computer Hardware and Systems

Describe the computer hardware and systems used in the conduct of your organization’s business, addressing:

  1. the kinds of computers used (e.g., mainframe, work stations, desktops, laptops);
  2. the types and versions of all operating systems (including version) used (e.g., Windows, Linux, UNIX), including dates of major changes or upgrades;
  3. the types of servers used (e.g., Exchange servers), the approximate number of each server type, and the physical locations of servers;
  4. use of desktops, including where business information is saved and backed-up on the desktops, how the desktops are connected to the network (e.g., LAN), and any use for telecommuting;
  5. use of laptops to conduct business, where business information is saved and backed-up on the laptops, how the laptops are connected to the network (e.g., remote access programs, synchronization procedures), and any use for telecommuting;
  6. use of employees' own personal computers, how these computers are connected to your organization's network (e.g., remote access, web access), and where work-related ESI is saved and backed-up for these personal computers;
  7. use of handheld devices (e.g., BlackBerry devices, smartphones, personal digital assistants (“PDAs”), tablet devices (e.g., Apple iPads) (whether provided by your organization or the employee), how these devices are connected to your organization’s network, and whether they contain business-related messages or documents not stored on the network (e.g., SMS or PIN messages);
  8. use of removeable storage media (e.g., thumb drives, CDs, external hard drives);
  9. all third-party storage locations containing ESI created by your organization (e.g., ASPs, cloud computing, external host servers);
  10. all legacy systems containing ESI not migrated to current systems; and
  11. where, and for how long, ESI created by former employees is stored.

IV. Applications and Document Management Software

Describe the applications and document management software used in your organization’s business, addressing:

  1. E-mail and Other Electronic Communication Software
    1. e-mail programs (including version) (e.g., Microsoft Outlook 2000 SP-3, web-based e-mail accounts) and any related applications used (e.g., contacts, calendar, notes, tasks);
    2. where e-mails are stored (e.g., on network servers, local drives);
    3. limits on e-mail retention (e.g., size of mailbox, length of retention), and when such limits were put into effect;
    4. whether e-mails are routinely deleted (or auto-deleted) and the schedule or parameters for such deletions;
    5. use of Instant Messaging ("IM") programs, and the period for which IM messages are retained; and
    6. any voicemail system used, the programs used for voicemail retention, how long voicemails are retained, whether voicemail messages are migrated to another electronic system, e.g., email, and the format in which voicemail is stored (e.g., .wav, etc.).

  2. Other Applications
    1. each application (including version) used to create ESI, including word processing, spreadsheet, presentation, financial and accounting, and any customized software applications; and
    2. where ESI created through such programs is stored, and whether each such storage space is shared or personal.

  3. Document Management
    1. each document management application (including version) used;
    2. the types of ESI stored using such programs; and
    3. where such ESI is stored.

V. Internet, Intranet, and Other Web-based Information

  1. Describe the internet and intranet sites that your organization maintains, addressing:
    1. the type information maintained on the each site;
    2. which groups or categories of users (not lists of names of individuals) have rights to add, delete, or alter data on each site;
    3. where each site is stored; and
    4. whether ESI contained in each database is routinely deleted (or auto-deleted) and the schedule or parameters for such deletions; and
    5. any approval process or procedures to alter content on each site.

  2. Describe web-based services your employees or the organization use in relation to your organization's business, addressing:
    1. which, if any, social networking sites (e.g., Facebook, MySpace, Twitter), personal e-mail boxes (e.g., Hotmail, Gmail), collaboration tools (e.g., wikis, Sharepoint, blogs, WebEx), or video or photo sharing sites (e.g., YouTube, Flickr, Snapfish, etc.) are used;
    2. which groups or categories of users (not lists of names of individuals) have rights to add, delete, or alter data in each web-based service;
    3. where the information for each web-based service is stored;
    4. how employees use each web-based service;
    5. whether ESI contained in each web-based service is routinely deleted (or auto-deleted) and the schedule or parameters for such deletions; and
    6. any approval process or procedures to alter content on any web-based services.

  3. Identify any data room or temporary document repositories (e.g., due diligence rooms) created by the company in connection with the proposed transaction.

VI. Databases

Describe databases used in the conduct of your organization's business, addressing:

  1. the name of each such database and its underlying software (including version);
  2. the type of information each database contains;
  3. which groups or categories of users (not lists of names of individuals) have rights to add, delete, or alter data in each database;
  4. where each database is stored;
  5. whether ESI contained in each database is routinely deleted (or auto-deleted) and the schedule or parameters for such deletions; and
  6. the availability of regular or standard reports, data dictionaries, manuals, and training materials for each database.

VII. Disaster Recovery Backup and Archiving Procedures

  1. For each repository of ESI identified in response to this questionnaire, describe your organization’s backup procedures, addressing:
    1. the types of backups performed (e.g., full backups, incremental backups);
    2. the types of data backed up (e.g., e-mails, word processing documents);
    3. the backup schedule (e.g., each business day, weekly, and monthly);
    4. the period for which ESI contained on backups may be restored (i.e., the number of months or years backup media are retained before being overwritten);
    5. whether backup media are individually labeled by type of data stored on the media, or by employees whose data is stored on the tape;
    6. whether an individual e-mail box can be restored or the files of a single custodian restored, without restoring the entire backup media;
    7. whether backup media are indexed and/or logged by backup software;
    8. the type of media on which the backup data is stored, and the backup application (including version) used;
    9. the use of any remote or on-line backup service;
    10. the location of any and all backup media, whether on or off-site;
    11. whether backup media have been restored within the last two years, for any purpose, including for other litigation or to retrieve data inadvertently deleted from computer systems; and
    12. the cost associated with restoring one backup media component (e.g., one backup tape).

  2. For each repository of ESI identified in response to this questionnaire, describe your organization’s archiving practices, addressing:
    1. the types of ESI archived;
    2. the frequency with which each type of ESI is archived;
    3. whether archiving occurs automatically or is done manually; and
    4. where archived ESI is stored.

  3. Have backups or archives been made of ESI outside of your normal procedures? (For example, in relation to a merger, acquisition, or sale of assets or a business line or in relation to the migration of ESI from one system to another.) If so, describe what was backed up or archived and whether it has been retained.

IX. Preservation Efforts

Describe the actions that have been undertaken to preserve ESI, addressing:

  1. the computer systems, applications, document management software, web-based information and systems, databases, and other systems containing ESI identified in response to this questionnaire;
  2. the individuals covered;
  3. the time period covered;
  4. backup and archiving media and systems; and
  5. preserving ESI on a going-forward basis.