Pau Lo
asked on
Terminology - Hard Copy Sensitive Data
What is the correct terminology / management term for handling off paper copies of sensitive data? Is there any standard best practice in this area for appropriate handling of hard copy documents that contain sensitive data? If I knew what this control area / management area was called I could research it further to see what employees handling sensitive print copies should do to prevent losing it, disclosing it to inappropriate parties etc.
I am sure PCI must cover this for CC details printed out etc, thats another thing actually sensitive data sat in printers trays.
I am sure PCI must cover this for CC details printed out etc, thats another thing actually sensitive data sat in printers trays.
vinaypatki
I have not heard anything other than "sensitive or confidential documents". Have you heard anything other than this or is this just a curiosity?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
vinaypatki:
I wasnt on about the classifacation of the document per se, more the handling of the document when its in hard form (paper/report), I wasnt sure if this was known as "information handling" or similar
I wasnt on about the classifacation of the document per se, more the handling of the document when its in hard form (paper/report), I wasnt sure if this was known as "information handling" or similar
ASKER
m_walker - re paper based, was there any best practice on do's and dont's and how you can check your staff are adhereing to this best practice when they have sensitive data in hard-copy form, or any suggested training for staff?
Its been a while as someone else took on that project.
Have a look at : http://www.naa.gov.au/records-management/index.aspx
Remember this is and AU guideline.
I do know that ensuring your staff are adhereing to best practice will be based around your policies and procedures and how you audit those.
For example. Lets say you want to make sure documents from the HR office are shreded. Then the policy might say "All HR Docs must be shreded". The procedure might say "Ensure you collect all old docs into the "to be shreded" box. secure the shredder and as you shread each document, record the document ID as shredded.
So the "recorded" bit provides the audit trail. The last step is to check the audit log. If it has too few lines then the procedure is not being followed
Have a look at : http://www.naa.gov.au/records-management/index.aspx
Remember this is and AU guideline.
I do know that ensuring your staff are adhereing to best practice will be based around your policies and procedures and how you audit those.
For example. Lets say you want to make sure documents from the HR office are shreded. Then the policy might say "All HR Docs must be shreded". The procedure might say "Ensure you collect all old docs into the "to be shreded" box. secure the shredder and as you shread each document, record the document ID as shredded.
So the "recorded" bit provides the audit trail. The last step is to check the audit log. If it has too few lines then the procedure is not being followed
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
side comment: (dont mean to steal the thread)
A few years back I was doing a job at a metal processing plant. Out of nowhere, we got a "tools down" order and moved over. then about 10 Men come in all in suites and one had a breif case. The proceded to the furnace, one of the men went to the man with the breif case and unlocked on lock, then a 2nd did the other side. The opened the case took out some hard drives and threw them into the furnance. The then waited for about 1/2hr then left and we could return to work.
So you could try that LOL.
A few years back I was doing a job at a metal processing plant. Out of nowhere, we got a "tools down" order and moved over. then about 10 Men come in all in suites and one had a breif case. The proceded to the furnace, one of the men went to the man with the breif case and unlocked on lock, then a 2nd did the other side. The opened the case took out some hard drives and threw them into the furnance. The then waited for about 1/2hr then left and we could return to work.
So you could try that LOL.