- CISSP in 21 Days (Second Edition)
- M. L. Srinivasan
- 2021-07-14 11:04:32
Data handling requirements
Ensuring that confidentiality, integrity, and availability requirements are met in every state that data passes through requires secure handling of that data. Appropriate policies and procedures should be established for handling sensitive data.
Handling sensitive information
Sensitive data such as confidential files need special care. Some of the best practices to handle sensitive information include the following:
- Secure disposal of media: Media containing sensitive data has to be disposed of in a secure manner. Shredding in the case of paper documents and pulverizing in the case of digital media are some of the methods used in media disposal.
- Labelling: Sensitive data should be labelled appropriately, without the label disclosing the type of content.
- Access restrictions: The need-to-know principle is to be adopted while designing and implementing access restrictions to sensitive data.
- Formal records of authorized recipients of data: Recipients who are authorized to access the data should be documented and approved.
- Storage of media: Media storage should be as per manufacturers' specifications and industry best practices.
- Data distribution: Appropriate controls should be established to ensure that the data is distributed only to approved and authorized entities as per the authorized recipients list.
- Clear marking: Marking on sensitive data has to be clear and legible for appropriate identification and handling. Marking may use codes, compared with labelling, which may only be used for identification purposes.
- Review of distribution lists: Periodic review of the distribution lists is necessary to ensure that the data is not shared with obsolete or unauthorized entities.
- Control of publicly available information: Suitable controls should be established to ensure that sensitive data is not disclosed or posted to publicly available repositories or websites.