S 1.45 Suitable storage of official documents and data media
Initiation responsibility: Building Services Manager, IT Security Officer
Implementation responsibility: Employee
Only authorised persons should have access to official documents and data media. This should also be applicable outside of the official office buildings, for example at a home or a mobile workplace. When not in use, official documents and data media must be stored in such a way that they are inaccessible to unauthorised persons.
All employees should have to opportunity to lock all important, and especially all highly sensitive data media and documents at their office workplace. Desks, roller file cabinets, or cabinets with locking doors or drawers can be used to this end. The employees must be made aware of the fact that documents and data media requiring protection must be stored in locked facilities.
The locks on these desks or cabinets must at least be able to resist attempts to open them using tools that are easy to manufacture or purchase (paper clips, lock picks, etc.). Furniture locks with at least 4 tumblers and at least 1000 different keys must be used. In addition, it must be ensured that the locks cannot be bypassed simply by removing another part, for example the rear panel. Furthermore, the overall protection provided by the desk or cabinet must meet the security requirements of the documents and data media that will be stored in it.
For this reason, it is also necessary to provide a sufficient number of lockable containers (desk, roller file cabinets, cabinet, or such like) with adequate protection at home workplaces.
When working on the road, no official documents or portable IT systems should be left unattended. They should be secured against theft, for example by equipping them with anti-theft devices, storing them in locked cabinets, or by taking other simple safeguards. In addition, it is recommended to transport official documents and portable IT systems in lockable attaché cases.
Review questions:
- Are official documents and data media protected appropriately?
- Are sufficient lockable containers for securely storing documents and data media available at all office workplaces?
- Have the employees been instructed to store all documents and data media containing information with higher protection requirements under lock and key?