Data Classification: Strictly or Highly Confidential
Examples
Content of Audit Reports.
Personnel, Executive/Top Management Information.
Data identified by government regulation to be treated as confidential, or sealed by order of a court of competent jurisdiction.
Care Required
When stored in electronic format, highly confidential data must be protected with a minimum level of authentication, such as the application of a strong password usage convention.
Access to highly confidential data must be recorded/logged, tracked, and regularly monitored.
When stored on mobile devices and media, protection and encryption measures provided through mechanisms (e.g., access/password controls and 128-bit encryption) approved by the Head of the IT Department must be employed.
Data must be stored in locked physical storage such as drawers, rooms, or warehouses, or in areas where physical access is controlled by security guards, cipher locks, biometric controls, and/or card readers.
Highly confidential data must be strongly encrypted when being transferred electronically to any entity outside of the Group.
When sent via fax, this type of data must be sent only to a previously established and already used/tested address or one that has been verified as using a secured location.
Highly confidential data must not be posted on any public website.
Data must be destroyed when no longer needed, subject to the Group Data Retention Policy. Data can be destroyed in any of the following ways:
- Hard copies of documents containing classified information must be destroyed by shredding the documents or another approved process that destroys the data beyond recognition or reconstruction.
- Electronic storage media containing classified information must be appropriately sanitized by degaussing and physical destruction.
- Deleting files or reformatting the media containing data in electronic format is NOT an acceptable method of destroying Strictly or Highly Confidential data.
The Data Owner must immediately be notified if Strictly or Highly Confidential data is accessed without proper authorization, lost, disclosed to unauthorized parties or is suspected of being lost or disclosed to unauthorized parties, or if any unauthorized use of Group information systems has taken place or is suspected of taking place.