Identification. Custodians, repositories, scope.
Every defensible disclosure begins with a decision about what to look at, and, just as importantly, what not to. Identification is the phase where the shape of the matter is drawn.
- Phase
- 01 of 06
- Discipline
- Identification
- Standard
- ACPO · ISO 27001
Plate · IdentificationThe first defensible decision in the matter.
Identification asks three practical questions. Whose data is relevant. Where does that data actually live in 2026, across email, chat, mobile, cloud collaboration, backups and personal devices. What subset of that estate must be preserved and collected, and on what basis. We answer them in writing, with counsel, so the record is complete from day one.
In every matter, the temptation is to skip past scoping and start collecting. Volume feels like progress. It is not. A collection that ignores identification produces disproportionate cost, contested search terms, and a review population no one can defend to the court.
We treat identification as a formal phase with its own outputs. A custodian schedule, a repository inventory, a data map, and a documented rationale for what is in scope and what is not. Counsel sees the shape of the matter before the first hash value is written.
How identification runs on our matters.
- 01
Matter intake
A structured session with counsel to establish the issues, the timeline of relevant events, the parties, and the disclosure standard that applies, whether PD 57AD, a regulator's request, or an internal-investigation protocol.
- 02
Custodian mapping
Named individuals, their roles across the relevant period, their reporting lines and their likely communication channels. Custodians are ranked by relevance, not listed indiscriminately.
- 03
Repository inventory
Every data source in play. M365 mailboxes, OneDrive, SharePoint, Teams, Google Workspace, Slack, mobile handsets, personal cloud, on-premise file shares, backup tapes, legacy systems, third-party platforms.
- 04
Data-map & questionnaire
A short questionnaire to IT and to custodians surfaces the sources people forget to mention, personal devices used for work, retired mailboxes, ephemeral chat platforms and archived accounts.
- 05
Proportionality note
For each source we record why it is in or out of scope, the estimated volume, and the practical cost of preserving and collecting it. This is the document that survives a challenge at the CMC.
- 06
Sign-off
The scope is signed off by counsel before any preservation notice or collection instruction issues. Nothing is done on assumption.
What identification produces.
What arrives at the end of the phase, in a form the next phase, or a court, can rely on.
- Signed custodian schedule with roles and relevant date ranges
- Repository inventory covering endpoint, cloud, mobile and archive
- Data map showing where the relevant material actually resides
- Proportionality note recording in-scope and out-of-scope reasoning
- Draft preservation instructions ready to issue at phase 02
- Risk register flagging sources at risk of imminent loss
Where identification goes wrong.
The recurring failures are the same across sectors. Custodians are listed from an org chart without asking who actually held the relevant conversations. Chat platforms are omitted because IT does not manage them. Personal devices are ignored because they are inconvenient. Backups are assumed to be complete without a restore test. Each of these produces a disclosure that is later shown to be incomplete, and each is avoidable if identification is treated as a phase in its own right, not a preamble to collection.
Continue through the workflow.
Bring us in early.
Defensibility is built, not retrofitted.
Whether you are responding to a regulator, preparing for disclosure, or scoping an internal investigation, start the chain of custody with a short, confidential conversation.
