26 September 2022
1.9 Outline Legal and Organisational Requirements for Information Security and Retention
Part of this difficulty is that regulations are not written in a way that can be easily understood by the average person. Often, it is necessary to work with a security professional to decipher the relevant requirements and create an implementation plan. These professionals have experience in implementing systems, policies and procedures to meet the requirements of various regulations and improve the security of an organization. Many have received qualifications, such as the HISP (Holistic Information Security Practitioner), which means they have a deeper understanding of the system controls required to achieve compliance.
There are several ways to archive information, depending on the data it contains. It can be organized alphabetically, chronologically, or numerically. Collect the documents you want to archive, sort them alphabetically, numerically, or chronologically, locate the appropriate file, insert the document at the dividing line, and return the file to its original location. Confidential files should be kept in a lockable cabinet and old documents should be shredded according to the duration set by the organization.
The objective of the study was to analyse the security of personnel records at the Civil Aviation Authority (CAA). The objectives of the study were to: review the types of personnel files at CAA; examine security threats and challenges facing the security of personnel records at CAA; assess current security measures for personnel records at CAA; and, finally, propose and recommend security best practices in personnel records management for CAA.
The study used a qualitative and quantitative approach and samples were randomly selected. Document analysis, interview and observation methods were used for data collection. The study found that letters of appointment, confirmation letters, and biographical data forms were the most generated personnel records, while termination forms and termination letters were the least generated. Lockable cabinets, boxes and drawers were the usual storage equipment. The biggest challenges for personnel files were human activities such as unauthorized access and mishandling, insufficient space and funding, and too few and unqualified staff, which largely resulted in uncertainty in personnel files. The study concluded that if CAA were to reformulate a comprehensive staffing records management policy to provide guidelines for excellent procedures for managing personnel records, hire professionals and train its employees, digitize personnel records to save storage space, implement a larger warehouse, and increase registry funding, there would be effective and efficient service delivery and decision-making. The study recommended that CAA formulate a comprehensive staffing records management policy to control legal procedures for managing personnel records, digitize personnel records to save space, train staff and hire qualified staff, purchase more warehouse equipment, expand warehouse facilities, and increase the registration budget to enable effective and efficient service delivery.
Regardless of whether a company chooses to hire a trusted advisor, the first step in the process is to assess what laws and actions apply to it. Once that is completed, the company must organize its information security to overcome the limitations set by these actions. This process requires an established plan that outlines a consistent and effective way to alert and respond to threats. Many fear information security as an amorphous topic that only concerns the IT department. The reality is that the legal and reputational impacts resulting from a data breach affect the entire company. For this reason, it is important to create a top-down culture focused on security, with a focus on compliance with information security regulations.
Electronic filing is similar, but on the computer. It is important to name the files so that they are easily recognizable by anyone who needs to access them. If the information is confidential, it must be encrypted with a password to prevent unauthorized access.
1.2 Describe the legal and organizational requirements for security and retention of information.
This study, entitled e-DoX: DEPED Student Grade Records Management System with Implementation of Advanced Encryption Standard and PKI Infrastructure for the Department of Education in the Province of Cavite, describes an online application designed to help private and public schools submit reports on Promotions of Form 18-A, Form 18-E1 and Form 18-E2 to the Divisional Office of the Ministry of Education of the Province of Cavite. The system would also eliminate factors such as transportation and storage to maximize the time allotted to the evaluation of submitted reports. In this study, Advanced Encryption Standard and Public Key Infrastructure were implemented in e-DoX to secure digital data in a non-decipherable format sent from Cavite schools to the DEPED application.