Table of Contents Table of Contents
Previous Page  107 / 192 Next Page
Show Menu
Previous Page 107 / 192 Next Page
Page Background


Appropriate Steps

IT operations

• develop operational policies, guidelines and

procedures to protect personal data stored

electronically to ensure confidentiality and

integrity of the data and accountability of

those who handle it, including (where


– user access rights approval, management,

assignment and removal procedures

– password complexity, retry, reset and expiry

guidelines to prevent passwords from being


– change control approval and management

– segregation of production, testing and

development environments policy

– IT asset disposal and erasure standards to

ensure no leakage of personal data

– portable storage device use and protection

– anti-malware strategy and execution

– security patch and vulnerability

management for software, computers and


– end-point security and data loss prevention


– wired and wireless network security and

access control standards

– logging and monitoring of systems, user and

IT access procedures

– data centre and equipment physical

protection guidelines

– backup strategy and protection policy



If the file can be accessed through a URL, then even when there are no hyperlinks to the file, it can be searched and

“published” by search engines.