The EDRM (eDiscovery reference model) is one of the most popular conceptual eDiscovery models that legal and technology firms use to make the eDiscovery process as efficient and error-free as possible. It refers to nine stages that are vital to the discovery process: information governance, identification, preservation, collection, processing, review, analysis, production, and presentation. These stages are divided by professional skill sets and largely organized to help legal firms have an easier time calculating the overall needs and costs of a project.

Originally created by the EDRM organization and fostered by George Socha and Tom Gelbmann, the EDRM has been useful for law firms and technology groups for years. These days, however, there’s one angle in the legal profession that needs to be given preference: cybersecurity. As the legal technology industry moves toward a reality which must take cybersecurity concerns into consideration and embraces commoditization, new skill sets, and new technology knowledge bases, the need for a new reference model which prioritizes cybersecurity concerns arises.

That brings us to the TRU Cybersecurity Reference Model, also referred to as the CSRM. The CSRM was created by an award-winning legal recruiting firm called TRU Staffing Partners with the intention of creating a practical, modern technology model that focuses on security needs through the lens of professional skill sets. Essentially acting as a skills-based guide to the functions and job responsibilities most needed in the legal technology industry in regards to security, the CSRM helps clarify what skills are required and serves to reference which stages are in high demand.


There are six primary stages in TRU’s CSRM:

1. Technology Inventory:

An organization must first perform an audit of their current technology. This includes networks, hardware and software, mobility potential, application development, and contingency plans.

Useful skill sets/certifications: Network engineering, disaster recovery, business continuity. GIAC Systems and Network Auditor (GSNA) and GIAC Critical Controls Certification (GCCC).

2. Assess:

A company must evaluate its current digital security configuration and adjust any policies as needed to fit the project adequately. Internal and external protections including online, mobile, and even any potential insider threats must all be considered.

Useful skill sets/certifications: Digital security/cybersecurity, information governance. Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and GIAC Penetration Tester (GPEN) certifications as well as system auditing certifications like the Certified Information Systems Auditor (CISA) certification.

3. Compliance and Governance:

Organizations are required in this stage to ensure all involved parties comply and adhere to the same digital standards.

Useful skill sets/certifications: Information governance. Certified Security Compliance Specialist (CSCS), Certified HIPAA Administrator (CHA), Certified HIPAA Professional (CHP), Check Point Certified Security Administrator (CCSA), and Certified Information Privacy Professional (CIPP) certifications.

4. Security Architecture and Systems:

This stage includes the development, evaluation, and implementation of all current and emerging security technologies including SIEM, identity management, persistent threat analysis tools, threat visualization tools, and firewalls. Both security-by-design and privacy-by-design concepts may be utilized.

Useful skill sets/certifications: Digital security/cybersecurity. The Certified Information Systems Security Professional (CISSP) certification is the most prominent here, followed by the CESG Certified Professional (CCP) and CompTIA Advanced Security Practitioner (CASP) certifications.

5. Monitor:

A business must have the ability to monitor for and evaluate security threats quickly and efficiently. Centralized security operations centers (SOCs) are ideal for this task and can be set up either internally or outsourced to a managed provider.

Useful skill sets/certifications: Digital security/cybersecurity, managed security. The GIAC Continuous Monitoring Certification (GMON) is recommended for this stage, but many application-specific certifications are also appropriate.

6. Respond:

If a security threat is identified during any process, it must be properly isolated and eliminated. Any damage and data loss must be assessed and restored if possible.

Useful skill sets/certifications: Cybersecurity, digital forensics, reverse malware engineering, incident response, disaster recovery. Forensic certifications including the GIAC Certified Forensic Examiner (GFCE) and GIAC Certified Forensic Analyst (GCFA) are useful as well as incident response certifications like the GIAC Certified Incident Handler (GCIH). Malware engineering certifications such as the GIAC Reverse Engineering Malware (GREM) and Certified Malware Reverse Engineer (CCMRE) are also useful.

Both the CSRM and EDRM models naturally share a few similarities. The information governance stages and respond stages contain the most overlap. Both models make heavy use of digital forensics, utilizing the same tools and collection methodologies. Organizations wishing to adopt the CSRM should focus on the areas where the models differentiate and encourage team members to familiarize themselves with the latest cybersecurity practices and challenges in order to improve the discovery team’s approach to digital security.

Hiring a consulting firm which approaches technology from a cybersecurity-focused angle is often the best way to ensure that a discovery team makes the necessary technology and security improvements. A consulting firm like LOGICFORCE has eDiscovery and cybersecurity experts who are equipped with the necessary certifications, tools, and best practices to help your organization advance to the next level and keep your company’s data, network—and your entire business—secure. Contact a LOGICFORCE team member today to see how we can help your firm reach its security, eDiscovery, and overall technology potential.