It's necessary for organizations to have a way to efficiently locate and retrieve data in response to a subpoena. One especially helpful tool in this type of situation is SharePoint 2013's eDiscovery Center.
An eDiscovery Center is really nothing more than a special type of site collection, but to perform e-discovery, you'll have to create one since it is not deployed by default.
The concept of creating an eDiscovery Center may seem foreign at first, but it's based on a process SharePoint admins should recognize, as creating one is similar to creating a site collection.
Creating an eDiscovery Center
To create an eDiscovery Center, open the SharePoint Central Administration console and click on the Create Site Collections link. From here, enter a title for the eDiscovery Center you want to create. Next, enter an optional description and a URL path (Figure 1).
The lower portion of the interface contains an option to select a template. Go to the Enterprise tab and select the eDiscovery Center option (Figure 2). Specify a primary and an optional secondary administrator and click OK.
Once you've completed those steps, you can see what the eDiscovery Center looks like (Figure 3).
Using the eDiscovery Center
In the eDiscovery Center, it's possible to have multiple cases for performing e-discovery at any one time in any organization. Therefore, the eDiscovery Center is designed to allow you to designate multiple cases. You can perform a separate set of e-discovery queries for each case.
To get started, click the Create New Case button. You will then be prompted to assign a name and an optional description to the case. Click OK to create the case.
A case is really nothing more than a SharePoint site that exists within the SharePoint site collection. The interface makes it easy to query SharePoint content (Figure 4).
Searching content is only half of the e-discovery process. Query results are typically placed on legal hold so they can't be deleted, modified or purged at the end of the document lifecycle. When possible, e-discovery performs an in-place hold to minimize storage consumption. This keeps SharePoint from having to copy all of the documents on legal hold.
If a user attempts to modify a held document, SharePoint uses a copy-on-write operation, which allows the user to make the requested modification while also retaining an unmodified copy for legal reasons.
Other important things to know
The SharePoint eDiscovery Center is based on search queries, which in turn are based on the Search Service Application. This means an e-discovery operation can only return results for items visible to the Search Service Application. As such, you will have to build your eDiscovery Center around your Search Service Applications.
For example, if your organization uses five separate Search Service Applications to crawl specific SharePoint sites, then you will have to create a separate eDiscovery Center for each Search Service Application. This is because the eDiscovery Center is unable to return results that aren't visible to the associated Search Service Application.
While you plan your Search Service Application architecture, keep in mind that the eDiscovery Center can discover content on Lync and Exchange servers, as well -- you'll have to create a trust relationship between SharePoint and Exchange and/or Lync to do so. You'll also have to configure SharePoint to crawl the Exchange or Lync servers.
SharePoint 2013 makes it easy for admins to create an eDiscovery Center and perform the e-discovery process. The trick is to make sure the eDiscovery Center has the necessary rights to crawl all of the content you want to examine.
About the author:
Brien Posey is an eight-time Microsoft MVP for his work with Windows Server, IIS, Exchange Server and file system storage technologies. Brien has served as CIO for a nationwide chain of hospitals and health care facilities, and was once responsible for IT operations at Fort Knox. He has also served as a network administrator for some of the nation's largest insurance companies.