The Situation

Early in 2021, Relativity solutions provider Control Risks, was working with a chemical company client headquartered in Scandinavia. The client was facing an internal investigation that required rapid collection of documents from employees in the APAC region. The client needed to collect custodian data in the form of Microsoft 365 (“M365”) emails, calendars, contacts, and One Drive files.

Traditionally, this type of collection would have been handled by one of Control Risks’ forensic experts on-site, directing and monitoring the collection and working closely with the client’s IT personnel. However, due to COVID-related travel restrictions and public health concerns, an on-site collection was not possible. Control Risks needed to meet the challenge of a fully remote collection while minimizing the impact on the client’s internal resources who were also remote. Control Risks’ Director of eDiscovery Operations, Liraz Kolnik explained:

“The alternative practice would be for the client’s IT or in-house discovery group to export, collate, and sort the data themselves with the supervision of Control Risks’ forensics experts over a remote session. Then they would have to transfer the data via an sFTP or, if the data set is too large, ship physically on a hard drive.” –Liraz

This was not viewed as an ideal scenario by Control Risks or the client.

The Solution

Control Risks had already familiarized themselves with Relativity’s Collect tool and recognized that this would be a great opportunity to implement it.

The first step in the process involved vetting from the client’s IT and Information Security departments. Starting the conversation with Information Security as soon as possible was identified as a critical first step in this process. Their buy-in early is a great way to avoid any unnecessary hurdles or roadblocks once legal counsel is already onboard with the collection plan. Once these teams were satisfied with the application and procedure, the Control Risks team could proceed with the first phase—connecting Collect to the client’s instance of M365 on the Azure cloud and running a controlled test. The team performed a small collection to ensure that the process was running smoothly.

“The setup of Collect within RelativityOne is a fairly quick process; the longest part is getting the client to approve the process and the client creation of the Azure application on their end.”
LIRAZ KOLNIK, Director of eDiscovery Operations, Control Risks

Satisfied that Collect was set up correctly, the second phase involved a limited collection from one of the relevant custodians. Control Risks targeted just one of the custodians in the matter and collected all their data across all four of the M365 collection points. Assured that that collection ran smoothly, accurately, and timely, the team was then prepared to perform the broader collection.

As this was an internal investigation, the client requested a complete collection of the data for each of the custodians at issue. After the test collection, Control Risks determined that the custodians had an abnormally large amount of OneDrive data. As a result, Control Risks optimized the collection strategy by splitting the collection in two.

The first collection was of emails, calendars, and contacts (i.e., the “Outlook” data), The second collection contained the larger set of OneDrive data. Using this strategy Control Risks was better able to support the client’s review by processing, searching, and promoting the more important “Outlook” data on a rolling basis. Collect helped Control Risks to support this workflow by allowing Control Risks to carve the collections in advance.

The Outcome

The process was seamless and quick with 808 GB collected from 9 custodians. Had the collection been performed by the client’s internal team collecting the data, copying it to a hard drive and shipping it to the review team could have taken anywhere from one to two weeks. instead, this collection was set up and transferring data to Control Risks within a few hours where it was immediately staged for processing, which was completed in a matter of days not weeks.

With Collect, Control Risks was able to expedite the collection for their client through the efficiency and security of Collect. Avoiding risky data transfers was a benefit that utilizing Collect offered Control Risks and the client. Since M365 data and RelativityOne both exist on the Microsoft Azure cloud, the collected data never had to leave the security of Azure. The client was exceptionally pleased with the process and result.

From the Control Risks perspective, they were able to setup, monitor, and action the data efficiently and with minimal disruption to the client. Collect in RelativityOne provided the process efficiency of one tool that can be used from start to finish to save steps. But one of the greatest benefits that Control Risks experienced was their ability to remain in control of the collection. They had visibility into the entire process—Control Risks could monitor how the data was being handled, and with metadata providing detailed audit trials they were still able to achieve a forensically sound collection.

“We could provide ourselves, and therefore the client, with a more accurate ETC. Collect allows us greater control of the process from targeting, collections, through to processing and review.” –Liraz

Now that Control Risks has implemented Collect, they can complete setup and have it tested and running for their clients in under a day. This allows them to get their team up to speed on a matter involving collections in no time.

Liraz looks forward to utilizing Collect further, exploring alternative data source collections beyond M365 like Google Workspace, Slack, and Teams, and to take advantage of the native short message import capabilities afforded with Collect and Relativity Short Message Format (“RSMF”). Robust filter criteria also provide opportunity for Control Risks to perform highly targeted collections, saving themselves and clients significant time in review.

“It was really good to see how robust the tool has become. We’re always looking for ways to get the data from the client to the review as quickly, defensibly and securely as possible. Collect helps us provide greater service and strengthen our relationships with our clients.” –Liraz

Want to learn more about RelativityOne?


Control Risks is a specialist risk consultancy that helps create secure, compliant and resilient organizations. They believe that taking risks is essential to success, so they provide the insight and intelligence organizations need to realize opportunities and grow. And they ensure companies are prepared to resolve issues and crises. Whether it is a corruption, fraud or regulatory investigation, or a cyber breach, with technical expertise, resources in 26 countries and on-premises and cloud data centers strategically placed throughout the globe, they can handle everything from the most challenging assignments involving electronic data and evidence to delivering meaningful intelligence on a prospective investment, business partner, competitor or adversary in litigation.