Finally, we arrive at the best approach we found currently used in legal hold systems: cryptographic hash values for tamper-detection.
These hash values allow even the slightest changes to be detected and require no keys to be kept secret. The hash values must be stored by the software system and are not themselves protected except by the aforementioned methods, so nothing prevents the administrator from simply recalculating the new hash value after modifying the document of interest.
Communication with personnel about what information is being held should be done early, clearly, and repeatedly.
We highlight this risk as the weak link in current legal hold methods because of their software-only implementation.
A software-only implementation cannot be protected from the administrators who manage and govern it.
The biggest question is how many jobs to move out of London and where to move them.
Cargo containers, long a staple of international trade, are designed to be affordable, sturdy and water-tight.
Modifying these files directly is possible and of trivial security difficulty for a system administrator, though of potential technical difficulty.