Controls

Terug naar overzicht
Version

SB.6.001 Authorized data distribution

Data Protection
High
nvt
nvt
Process Owner
v2.0 (Q1 2024)

Description

The proces owner authorises distribution of confidential information explicitly to any recipient, internal or external to the organisation. For all non-incidental data transfers, the authorisation is documented and reviewed yearly. The authorisation includes which data can be shared, which persons/systems are authorised and under what conditions. Data can only be moved to hardcopy with express permission of the data owner. Information Security policy and controls are equally applicable to hardcopy data.

Specification

Internal data processing agreements are recommended to specify which data is transferred and the obligations for the receiving party with regards to handling and securing the data. Process owners are encouraged to periodically test if the appropriate measures are in place and remain responsible for the down-stream processing of the data.

Specification

ISO

NBA