To enhance a business' internal controls of securely managing customer data the following sample policy can be used to mitigate against risk of data loss.
Required office equipment:
- Paper shredder
- Locked drawer or file cabinet
- Locked office space
Items that should be managed:
- Anything that contains personal identifiable information of customers or employees
- i.e. name, address, social security number, date of birth, etc.
- Items that contain strategic company documents
- i.e. legal agreements, business plans, development plans, etc.
- Any information classified by prevailing business law that needs to be secured
- Medicine - any health information
- Financial - account numbers, balances, tax records
- Paper documents
- Sticky notes
- Business cards
- Removable media - CDs, floppy disks, USB and other storage types
- All documents must be shredded that are no longer needed
- If a document is needed, it has to be secured at the end of day or during periods of lengthy absences from the working space
- If possible, office space has be locked during any periods of absence
Office manager/supervisor responsibility:
- All office space must be checked for compliance on a daily basis
If you have any questions, or a require a customized policy to be created, please contact support.