This document provides guidance for technical and non-technical personnel at senior management levels within an organization, including those with responsibility for compliance with statuary and regulatory requirements, and industry standards.

It describes how such personnel can identify and take ownership of risks related to electronic discovery, set policy and achieve compliance with corresponding external and internal requirements. It also suggests how to produce such policies in a form which can inform process control. Furthermore, it provides guidance on how to implement and control electronic discovery in accordance with the policies.