With information governance recognised as an essential part of managing an efficient and high quality business, it is vital that organisations and individuals understand the importance of the concept and understand the way in which information is handled and transferred into and out of their organisation. Vital to understanding your own information management processes is the act of data mapping. This is now a key element for NHS bodies looking to demonstrate compliance against the information governance (IG) Toolkit standards.
Data mapping is an effective way to chart the flow of information into and out of an organisation and subsequently identify any high-risk areas, allowing for the development of guidance to minimise these risks. The IG toolkit suggests that there are four key elements that need to be considered when mapping data:
1. Data Type
According to the Information Governance Toolkit guidelines, the types of data that should be mapped include such items as:
– Appointment letters
– Birth notifications
– Adoption records
– Employment records
– Personnel records
– Payslips
– Client surveys
This list is by no means exhaustive and as you start to think about the data that moves into and out of your organisation, you will appreciate that there is a great deal of information transferred.
There is also specific guidance, an exclusion list, on the types of data that do not need to be mapped. This includes items such as:
– Telephone conversations
– Face to face discussions
– Video conferencing
2. Data Format
The next thing to consider is the format in which data is stored and transferred; this includes both digital and hard copy data such as letters, x-rays, MP3 files, CDs and emails.
3. Transfer methods
Again, the way in which data is transferred can include anything from courier delivery and faxes to internal documents being carried by staff to another department.
4. Locations
When considering locations you need to think about exactly where data is coming from and where it is going to, both internally and externally. For example: schools, patients’ homes, other NHS organisations or departments, prison services etc.
Once you have considered all of the above points the next step is to map all of the different combinations of the 4 elements so that ultimately you are able to produce a clear and easy to understand map of exactly what, how and where information is transferred.
But the task doesn’t stop there. The next step is to analyse this map to identify any high-risk areas where information security procedures could potentially be breached. You should then go on to produce guidance to minimise these risks, so that following your data mapping exercise your systems and mechanisms for data transfer are secure, efficient and appropriate.
The IG toolkit guidance suggests that within smaller organisations, all of the above could be carried out by one individual, who knows all of the processes involved in transferring data. However in larger organisations it is advised that a number of individuals contribute to this exercise to ensure that knowledge around specific department practices and procedures is shared, to enable a full understanding of the data transfer processes throughout the organisation.
Dual-use items are any items that can have both military and commercial applications. These items may appear to be innocuous but, in the hands of the wrong people, can be used for destructive purposes. Examples of dual-use items include communications equipment, machine tools, handcuffs, information security, electronics, lasers, and encryption software. In addition, there are thousands of metals, compounds and chemicals that are controlled because they can be used for military applications.
Many firms whose primary business is not considered ‘sensitive’ are unaware of their obligations under the EAR. Companies are proud to export U.S. products overseas but many have never given much thought to the consequence of these activities.
The penalties for violations of export laws can be severe. Companies considered household names have paid significant fines for violations of U.S. export laws. Many smaller companies have been penalized as well. Recent examples include a Florida company that paid a $1,102,200 civil penalty for illegal exports of fingerprint equipment and other crime control items, and a New Jersey-based freight forwarder that was sentenced to a $250,000 criminal fine and five years probation, as well as a $399,000 administrative penalty, for the shipment of items to India without the required export license.
The penalties for violations have recently been increased in an effort to improve compliance with the BIS regulations. On October 16, 2007, President Bush signed into law the International Emergency Economic Powers (IEEPA) Enhancement Act. The Act provides for civil penalties amounting to the greater of $250,000, or twice the value of the transaction that is the basis of the violation, that may be imposed for each violation of IEEPA. Willful violators can expect criminal penalties including fines up to $1,000,000 and/or up to 20 years in prison.
Questions Every Exporter Must Ask
• Have we had all of our items, technology and software classified by the BIS or other competent expert?
• Do we know our customer (i.e. do we check our customers against the government lists of denied parties, specially designated nationals, and other required databases)?
• Have our employees involved in export transactions received the necessary training to ensure compliance?
• Do we have adequate recordkeeping practices in the event of a BIS enforcement audit?
• Do we have a formal export compliance program in place to ensure compliance to U.S. laws and regulations?
Maintaining control of your exports is not a cost of doing business. Aside from being the ‘right thing to do’, it can save money, avoid negative publicity and improve export shipment flows. What you don’t know can hurt you.
How Your Data Saved In USB Flash Drive Might Be At Risk
While USB flash drives serve computer users all around the world, they also pose threats to the data of computer users in every part of the world. One example of just how big these threats are was witnessed by the whole world when Edward Snowden, who was an employee of the NSA (National Security Agency) and CIA (Central Intelligence Agency), stole confidential information from the department and revealed it to the world. Stealing data was a piece of cake for Snowden: all he did was carry an ordinary USB flash drive to the workplace, copy all the data that he intended to compromise and walk away with all that information. Here are some of the threats that USB flash drives pose to your data security.
USB drives are as small as a human thumbnail and have an immense capacity for storing data. This quality makes pen drives a perfect tool for stealing data. An employee who is furious with a company or is bribed to leak data can easily carry sensitive information out of the company and hand it over to a rival entrepreneur. You might be astonished to know that the insider threat is the second biggest threat to data security, after the threat posed by hackers.
Prone to Getting Lost and Stolen
Due to its small size, a USB flash drive poses huge threats to the data saved on it. Their tiny size makes these drives prone to getting lost and stolen, and even if you deleted all the data saved on the portable drive before it was lost, your data will still be at risk of being compromised. This is because when you delete files from a pen drive, they are not actually removed; instead, a thin layer covers the saved files, which can easily be extracted by an expert. Using USB Security Software can secure the data saved on your USB jump drive.
Hackers used to spread malware via emails and other infectious links through the internet. But these cyber criminals have learned a more effective way of spreading infectious programs, i.e. via USB flash drives. Research suggests that more than 70 percent of the people who find an abandoned USB flash drive will plug it into a computer without giving a single thought to their data’s security. More than 30 percent of IT pros also tend to plug such a drive into their computer.
The step you can take to stop data leakage through USB flash drives is to allow only authorized users to use only authorized small portable data storage devices. The new principle of Bring Your Own Device (BYOD) should not be encouraged, as it creates some real chances of data theft. All in all, the USB flash drive is a wonderful invention that is helping millions of users all around the world to transfer data. You just need to be a bit careful and take some precautions while using it, for the sake of your data’s security.