
Personnel guidelines for safe processing of personal and confidential data


The Data Protection Officer (or other responsible person) has drawn up operating instructions for personnel handling personal data. In addition, the Data Protection Officer is ready to advise the controller, personal data processing partners or their own staff on compliance with GDPR or other data protection requirements.

Connected other frameworks and requirements:
GDPR 29: Processing under the authority of the controller or processor
ISO 27001 7.2.2: Information security awareness, education and training
ISO 27001 18.1.4: Privacy and protection of personally identifiable information
ISO 27001 12.1.1: Documented operating procedures
ISO 27001 11.2.8: Unattended user equipment

Endpoint PIN-protection and automated locking


Devices should be protected against unauthorized access to, or disclosure of, the information stored on or processed by them. Two measures help here: mandatory protection of the device before each use, e.g. with a 5-digit PIN code, and automatic locking of the device after a period of inactivity, e.g. 5 minutes.

Connected other frameworks and requirements:
ISO 27001 11.2.9: Clear desk and clear screen policy
ISO 27001 7.7: Clear desk and clear screen

Locked cabinets for storing confidential paper data


Where sensitive information has to be kept on paper, safes, lockable cabinets or other secure furniture are available for storing it.

Sensitive information must not be left lying around the office where anyone could pick it up.

Connected other frameworks and requirements:
ISO 27001 11.2.9: Clear desk and clear screen policy
ISO 27001 7.7: Clear desk and clear screen