S 1.36 Safekeeping of data media before and after dispatch

Initiation responsibility: IT Security Officer

Implementation responsibility: Mail Centre, User

Before sending a data medium, it must be ensured that adequate access protection is provided for the period between the time the data was saved on the data medium and the time of transport. Data media to which data has been written must be stored so that only authorised users have access to them, regardless of whether the data media are digital or analogue. If the data to be transferred is confidential, then the data media on which the data is stored must be kept locked in an appropriate container (a cabinet or a safe) until transport. The department responsible for transportation or delivery (e.g. the mailroom) must be instructed on the proper and secure storage and handling of the data media.

Review questions:

• Are data media with written data stored in such a way so that access is only possible for authorised users?
• Have all employees involved been instructed to ensure proper and secure storage and handling of data media?