S 1.32 Suitable locations for printers and copiers
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
To prevent the manipulation of printers and unauthorised persons from copying or reading printer output, printers should be installed in locations accessible only to authorised persons. At a minimum, printers should not be installed in areas frequented by visitors or external personnel, and in particular not near any meeting, event or training rooms. The only exceptions are those printers intended especially for these areas, for example in training rooms.
Copiers are also often found in printer rooms as well. From a security perspective, you must ask if there is a risk of someone quickly making copies of any printouts lying around. On the other hand, experience has shown that even when printouts are simply taken away, most users will blame it on technology and will not even consider that the printout may also have been stolen intentionally by someone else.
To avoid such problems, it is advisable to install printers and copiers so that they are in plain view of company personnel. This means, for example, that printers and copiers should not be installed somewhere in a dark corner, but in a room with a glass door that can be seen from the reception desk instead.
It is better to install printers and copiers in a closed room that can only be accessed by authorised personnel. This is recommended to achieve a high protection level.
For large printers, it is even better when the printouts are distributed by a trustworthy person into boxes which can only be accessed by the corresponding recipient. Printouts must therefore be labelled with the name of the recipient. This can be done automatically by print programs. If a very high protection level is required, this solution should be examined to see if it is suitable to meet the requirements.
Users often only realize that they have printed out the wrong document or that a minor change is necessary once they are at the printer. Such printouts are often thrown in an open waste-paper bin directly next to the printer in this case. Since confidential documents can also get into the wrong hands, it is recommended to put a paper shredder directly next to network printers. If this is not possible, then the users must be informed that they are not permitted to leave such documents lying around and that such documents must be destroyed using other means.
Review questions:
- Are the printers, copiers, and all-in-one devices installed in such a way that only authorised users have access to them?
- Have users been sensitised with regard to a loss of data confidentiality due to inappropriate handling of printouts?