1. by [Company X]’s Risk Management Strategy.

1.   
If
media contains sensitive or personally identifiable information and you cannot
physically secure your workspace or area, you must store any such media
securely within a locked cupboard, drawer, office or other securely ‘locked’
environment.

 

2.   
The use
of courier contractors to transfer information/media is restricted to
organisations and agencies with which Company X has formal contractual
agreements.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

 

3.   
Personal
or sensitive information and data held on, or transmitted between, electronic
systems and the systems themselves are protected by the implementation of
procedural and technical controls that reduce risks of interception,
unauthorised disclosure, loss or unauthorised alteration to acceptable levels
as defined by Company X’s Risk Management Strategy.

 

4.   
Personally
identifiable or sensitive information should not be transmitted via electronic
messaging services, including email and EDI systems unless appropriately
protected and with the approval of IT management and the Information Security
Management Representative. The transmission of personally identifiable or
sensitive information by SMS text and Instant Messaging services is not
permitted under any circumstances.

 

5.   
The
retention of information must be defined by retention policies which meet the
requirements of Company X, contract or UK legislation and appropriate
procedures must be implemented to ensure that information is held securely and
is safely retrievable on request.

 

6.    Sensitive or personal information and data held
on any media must be physically destroyed when due for disposal or no longer
required. Procedures for identifying media that requires secure disposal must
be implemented and an audit trail of any media passed to external organizations
must be maintained. Where specialized disposal techniques are required, media must
only be passed to reputable organizations dealing with secure disposal of
information with which Company X has formal contractual agreements. Backup
data/media no longer required must be disposed of securely and with due
environmental consideration (WEEE Directive.)

Go Top
x

Hi!
I'm Rita!

Would you like to get a custom essay? How about receiving a customized one?

Check it out