Expert Advice Community

3.2.3. List of Authorized Persons

Guest user Created:   Aug 15, 2018 Last commented:   Aug 15, 2018

The guideline for information classification talks about a list you have to make for „limited“ and „confidential“ documents. How does it work? Some of the documents talk at the beginning about purpose, scope and user (for example the SCOPE-document). Is this enough in that case?

Expert
Rhand Leal Aug 15, 2018

If you have an Excel sheet (for example the risk assessment), how will you handle the requirement? Do you create a new spreadsheet inside the whole Excel document and list all the people / job titles which have approved access?

Answer:

By your text I'm assuming you are referring to section 3.2.3. List of Authorized Persons of the Information classification policy template. Considering that, first it is important to understand that this list is only for highly confidential documents, because it would be impractical to manage all documents.

The section 1. Purpose, scope and users is not proper to cover this requirement, because if people have access to it they can read the whole document as well, authorized or not. The same applies to additional tabs in a spreadsheet.

In practice, what you can implement for electronic documents is configuring the access list in the folder where the document is stored.

For physical documents you can implement lists with who has access to the room or cabinet where the information is stored (e.g. by use of keys or security badges).
