Laptops are protected by full-disk encryption.
Secure areas of the organization cannot be accessed unnoticed. The premises are protected by appropriate access control. Only authorized persons have access to the secure areas.
Removable media includes e.g. flash memories, SD memories, removable storage drives, USB sticks and DVDs.
The organization has defined which removable media is allowed to be used.
Papers containing sensitive information should be disposed of in an agreed manner, for example, using a shredder or by incineration.
Organization has defined the areas for handling confidential information and the operating rules that are followed in all activities that take place in the corresponding areas.
In the rules, consideration should be given to the following points:
For example, data processing equipment, as well as other important equipment, should be placed in the premises safely and with consideration. Placement should restrict unauthorized access to devices.
Irrespective of the form in which the information is presented, personal data or other confidential information shall be processed in such a way that the information isn't disclosed for outsiders.
Conversations concerning personal data or other confidential information shall not be conveyed to adjacent premises to those who do not have the right to information.