Solved

Terminology - Hard Copy Sensitive Data

Posted on 2011-03-23
8
288 Views
Last Modified: 2012-05-11
What is the correct terminology / management term for handling off paper copies of sensitive data? Is there any standard best practice in this area for appropriate handling of hard copy documents that contain sensitive data? If I knew what this control area / management area was called I could research it further to see what employees handling sensitive print copies should do to prevent losing it, disclosing it to inappropriate parties etc.

I am sure PCI must cover this for CC details printed out etc, thats another thing actually sensitive data sat in printers trays.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Expert Comment

by:vinaypatki
ID: 35197231
I have not heard anything other than "sensitive or confidential documents". Have you heard anything other than this or is this just a curiosity?
0
 
LVL 4

Accepted Solution

by:
m_walker earned 80 total points
ID: 35197256
In australia we refer to the general area as "records management" This covers any data "records" that must be managed as part of doing business.  It then covers things like paper-based, electronic, storage and transfer of records, and so on.  
0
 
LVL 3

Author Comment

by:pma111
ID: 35197319
vinaypatki:

I wasnt on about the classifacation of the document per se, more the handling of the document when its in hard form (paper/report), I wasnt sure if this was known as "information handling" or similar
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 3

Author Comment

by:pma111
ID: 35197341
m_walker - re paper based, was there any best practice on do's and dont's and how you can check your staff are adhereing to this best practice when they have sensitive data in hard-copy form, or any suggested training for staff?
0
 
LVL 4

Expert Comment

by:m_walker
ID: 35197403
Its been a while as someone else took on that project.

Have a look at : http://www.naa.gov.au/records-management/index.aspx
Remember this is and AU guideline.

I do know that ensuring your staff are adhereing to best practice will be based around your policies and procedures and how you audit those.

For example.  Lets say you want to make sure documents from the HR office are shreded.  Then the policy might say "All HR Docs must be shreded".  The procedure might say "Ensure you collect all old docs into the "to be shreded" box.  secure the shredder and as you shread each document, record the document ID as shredded.

So the "recorded" bit provides the audit trail.  The last step is to check the audit log.  If it has too few lines then the procedure is not being followed
 
0
 
LVL 4

Assisted Solution

by:vinaypatki
vinaypatki earned 40 total points
ID: 35204493
PMA11,

BS7799 standard for information security management will cover all aspects of data storage/mgmt including hard copies.
0
 
LVL 3

Assisted Solution

by:InfoStranger
InfoStranger earned 80 total points
ID: 35205213
In the USA, we call it document retention.  There are no standards or best practices for discarding documents.  Keep in mind US government can create a standard on how you discard your documents.  If you want to keep them private from others, you should be as stringent as possible.  Keep in mind that most standards are usually so general that it will not tell you how to discard your documents in detail.  If they did, the government is not very wise because all the criminals will just try to figure out the ways to reverse the documents and use it against you.  Best Practice may work for one organization but too expensive for others and it is only a recommendation.

Recommendations on a safer discarding of documents: (I suggest all 3 together)
1) if you shred your own paper documents, use a crosscut shredder so it is not as easily put together
2) when throwing away documents, mix the documents with other shredded documents
3) split the shredded documents into different trash cans

Or you can always hire a reputable shredding company to take it away and discard.

Some people start a bonfire and sing Kumbayah while burning the documents.  ha ha ha...  Actually, it is true.
0
 
LVL 4

Expert Comment

by:m_walker
ID: 35205253
side comment: (dont mean to steal the thread)
A few years back I was doing a job at a metal processing plant.  Out of nowhere, we got a "tools down" order and moved over.  then about 10 Men come in all in suites and one had a breif case.  The proceded to the furnace, one of the men went to the man with the breif case and unlocked on lock, then  a 2nd did the other side.  The opened the case took out some hard drives and threw them into the furnance.  The then waited for about 1/2hr then left and we could return to work.

So you could try that LOL.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question