Tiedon säilytys

Especially when local or unstructured data needs to be handled a lot due to the nature of the activity, it may be necessary to develop training that describes the risks involved for staff.

Common problems with local and unstructured data include e.g.:

• no backups
• no access management
• hard to locate

For data you do not want to lose, that you want to control, or that is important to find in the future, staff should use data systems designed for it.

Visitors shall have access to secure areas only with permission, after they are appropriately identified and their access rights shall be limited to the necessary facilities. All visits are recorded in the visitor log. In addition, staff have guidelines about safe operating in connection with visits.

Secure areas of the organization cannot be accessed unnoticed. The premises are protected by appropriate access control. Only authorized persons have access to the secure areas.

Remote workers have their own operating guidelines, which are monitored. In addition, regular training is provided to staff to identify threats to information security arising from the use of mobile devices and remote work, and to review the guidelines.

There are separate instructions for staff to use mobile devices. The instructions cover:

• restrictions on installing software and using various services on your organization's devices
• procedures for the registration of new devices
• requirements for physical protection of equipment and installation of updates
• access control requirements
• protecting your organization’s data with encryption, malware protection, and backup
• the ability of the organization to remotely control the device

Removable media must be stored in a safe, other locker or other secure furniture. They must not be stored around the office without careful thought.