If your organisation touches legal matters, investigations, or compliance, you will come across the EDRM lifecycle. It stands for the Electronic Discovery Reference Model. It sets out how to handle electronically stored information, or ESI, in a fair, defensible way.

In plain terms, the EDRM shows how teams find, protect, collect, review, and present digital evidence. In this guide, the nine steps are grouped into three easy phases: upstream, midstream, and downstream. It is used by in-house legal, outside counsel, IT, and compliance teams. In 2025, it matters because it helps control cost, move faster, reduce risk, and keep a solid process.

You will see simple examples you already use every day, such as email, Teams, Slack, mobiles, and cloud drives. There is also a practical checklist at the end.

What is the EDRM lifecycle and why it matters today

At its core, EDRM is a roadmap for handling digital evidence. It helps you find the right data, protect it, and present it when needed. It breaks the electronic discovery process into nine stages: Information Governance, Identification, Preservation, Collection, Processing, Review, Analysis, Production, and Presentation.

Teams use EDRM in litigation, regulatory responses, and internal investigations. The aim is to lower cost, reduce the risk of spoliation, speed up timelines, and improve outcomes. Think of simple tasks like placing a legal hold on an employee’s mailbox, exporting a Slack channel for a date range, or preserving files in a shared drive without changing metadata.

In 2025, the stages are stable, but the way teams work has improved. AI supports search and early triage. Proportionality is front of mind, so teams explain why they collect certain data rather than collecting everything. Security and privacy controls are stronger across each step. For a visual overview, see the Current EDRM model diagram.

Upstream EDRM stages: prepare and protect before a case starts

Good early steps make the rest cheaper and faster. A few smart moves now will reduce the volume you collect and review later.

Information Governance: set rules to manage data

Set clear rules for how data is created, stored, and deleted. Keep it simple.

• Retention schedules that state how long you keep email, chat, and files
• Naming rules so people can find what they need
• Clear locations for files, and who can access them
• Secure deletion policies when data is no longer needed

Focus on the systems your team already uses, such as Microsoft 365, Google Workspace, cloud storage, and mobile devices. Reduce ROT data, which is redundant, obsolete, or trivial. Map your data sources and train staff. This cuts data volume later and keeps your risk low.

For a deeper reference on how stages fit together, the EDRM model conceptual framework is helpful.

Identification: find likely sources of ESI

When a matter is likely or active, list the people and systems that hold relevant data. Common sources include email, Teams, Slack, shared drives, laptops, phones, HR platforms, CRM, finance systems, and backups.

Define scope with date ranges, custodian lists, keywords, and event timelines. Document what you include and what you exclude, and why. This record will help you answer questions later.

Preservation: hold and protect relevant data

A legal hold is a notice that tells people not to delete certain information. It also triggers technical steps to stop auto-delete. Examples include in-place holds in Microsoft 365, suspending retention on a Slack channel, isolating a laptop, or preserving cloud data via an API.

Keep a chain of custody and audit logs to show what happened and when. Avoid changing file metadata. Do not let routine processes overwrite relevant data.

Midstream EDRM stages: collect, clean, and review the data

Now you move from raw data to a focused review set. Targeted collection and smart filters save time and money.

Collection: gather ESI defensibly

Collect from the sources identified earlier, and only gather what is needed. Examples include exporting mailboxes from Microsoft 365, collecting Teams or Slack channels, imaging a laptop if needed, and using APIs for cloud tools.

Focus on completeness and integrity. Hash values, logs, and clear notes matter. Avoid over-collecting, since every extra gigabyte adds cost later.

Processing: reduce volume and organise

Processing prepares data for review. Key steps include:

• Deduplication to remove exact copies
• DeNISTing to strip out system files
• Date and keyword filters to narrow scope
• Metadata normalisation so fields are consistent
• Converting files into review-friendly formats
• Handling threads and attachments as linked items

Account for languages, time zones, PDFs, images, and archives. Early filters reduce the set without losing the signal.

Review: assess relevance and privilege

Review has two main passes. First pass checks relevance. A second pass performs quality checks and looks for privilege.

Keep review codes simple: relevant, not relevant, privileged, confidential. Use workflows and sampling to keep quality high. Build and maintain a clear privilege log. This keeps the process defensible and avoids surprises.

Downstream EDRM stages: analyse, produce, and present evidence

The goal is simple, tell the story with facts, share what is required, and present clearly.

Analysis: connect the facts and timelines

Build timelines, find patterns, and link people, places, and events. Match emails with chat messages, call logs, and calendar invites. Use simple analytics and communication maps to show who spoke with whom and when. Look for gaps or spikes in activity that may point to key events.

Production: share data in the required format

Agree production formats early with the other side. Common formats include native files, TIFF or PDF images, text, load files, and selected metadata fields.

Stay consistent. Apply Bates numbers, check redactions, and run quality checks before sending. Accuracy here prevents rework and avoids disputes.

Presentation: explain evidence clearly in court or hearings

Prepare exhibits, call-outs, and timelines that a judge or jury can follow. Test that documents display properly, with accurate metadata and context. Clear presentation saves time and avoids confusion.

For formal guidance on stage-by-stage standards, see the EDRM stages standards overview.

Best practices and common pitfalls across the EDRM lifecycle

A few habits can cut cost, reduce risk, and improve outcomes across the board.

Mistakes to avoid at each stage

• Late legal holds; risk: data loss and sanctions
• Over-collection; risk: higher cost and slower review
• Weak chain of custody; risk: challenges to authenticity
• Skipping processing QA; risk: missing files or broken metadata
• No privilege review; risk: waived privilege and disclosure errors
• Poor redactions; risk: revealing sensitive data
• Last-minute production changes; risk: errors and disputes

Time and cost savers that work

• Invest in a current data map
• Use tight date ranges and targeted sources
• Apply deduplication early
• Standardise naming and folder rules
• Sample test keywords before full processing
• Agree production specs upfront
• Automate routine steps where safe

Privacy, security, and compliance checks

Build privacy and security into every step. Use access controls and encryption at rest and in transit. Limit access to need-to-know. Watch for special categories of data, minors’ data, and cross-border transfer limits. Keep logs and run periodic checks.

Getting started with EDRM: a simple plan you can follow

You can start small and grow. Set roles, choose a few dependable tools, and follow a clear checklist.

People and roles you need

• Matter owner, accountable for outcomes
• Legal lead, responsible for legal strategy
• IT lead, responsible for systems and access
• Privacy lead, responsible for data protection
• Project manager, keeps tasks and timelines on track
• Review team, handles document review and QC
• Vendor or service partner, when skills or capacity are needed

Hold weekly stand-ups and track work in a shared plan.

Tools and settings to standardise early

Pick a small, dependable stack:

• Legal hold tool with audit logs
• Collection tools for email and chat
• Processing and review platform with deduplication and analytics
• Secure storage with role-based access control
• Reporting dashboards for metrics

Standard settings to agree now: time zone normalisation, standard metadata fields, and default production templates.

A quick-start EDRM checklist

1. Build a data map.
2. Set retention rules and train staff.
3. Draft a legal hold playbook.
4. Pick target sources for typical matters.
5. Standardise processing settings.
6. Create review codes and privilege rules.
7. Agree production templates.
8. Track metrics like cycle time, review speed, and error rates.

Conclusion

The EDRM lifecycle is a simple, nine-step framework that turns messy data into clear evidence. Think in three phases, upstream to prepare, midstream to collect and review, downstream to analyse and present. The pay-off is real, lower cost, lower risk, faster work, and a defensible process.

Start with one improvement this month. Build your data map or draft your legal hold playbook. Put the checklist to work and make the next matter smoother for everyone.