The IT and Legal Hold Landscape: What Your Background Documents Reveal About Risk

Shadow IT: The Systems You Don’t Know You Have

When we request IT documentation, we’re not just checking boxes — we’re uncovering blind spots. Most IT teams maintain a system inventory, but once interviews begin, we routinely find 10–30% more systems purchased through contracts, field offices, or P-cards.

“Every undocumented system is a risk — and an opportunity to strengthen governance.”

Architecture diagrams, server inventories, and network maps help, but even when they’re incomplete, they point us toward the right questions.

The Forgotten Side of Offboarding

Most organizations excel at shutting off access when someone leaves. But far fewer have a consistent process for handling the data that person leaves behind.

What happens to their email?
Their OneDrive or Google Drive?
Their laptop hard drive?
Their personal file share?

The most common answer: “We check if they’re under legal hold.”

That’s where the next layer of risk emerges.

Legal Holds: Easy to Start, Hard to End

Legal departments are excellent at issuing holds — and notoriously inconsistent at lifting them. IT ends up storing old email files, hard drives, and archived data with no clear signal of when it can be released.

Overlapping holds make it even more complex. Data must be retained until the last hold expires, and tracking that manually is a recipe for mistakes.

“Legal holds are simple in theory and messy in reality.”

How We Use This Information

IT inventories guide our interview questions. Legal hold policies reveal how information is controlled. Together, they help us understand how people actually work — and where governance needs to evolve.

For more on this topic, check out What Counts by TrailBlazer Consulting, Episode 4.