The data that Finman handles includes healthcare information, banking and finance information, and manufacturing information. These types of data carry legal requirements for confidentiality, data access, data storage, data retention, and data destruction. Since Finman is partnering with a data warehousing company, this information will be shared, and Datanal and Minertek are therefore also required to follow these legal requirements. After a thorough review of the Service Level Agreement (SLA) between Finman, Datanal, and Minertek, it is determined that standard information technology security measures are not clearly addressed. Best Management Practices (BMP), International Organization of Standards (ISO), and the Information Technology Infrastructure Library (ITIL) are some of the established standards used for the following recommendations to protect Finman’s data and intellectual property.
Recommended change #1
4 Statement of Intent
All parties agree to undergo modifications to systems and processes to ensure compliance with data usage, data sharing, data retention and data destruction. All parties will utilize an Account Control List (ACL) and Group …
Security breaches are all too common and are a grey area in many contracts. By establishing who has access to data, what data is being accessed, and how data will be destroyed, Finman should feel secure in managing the data between Datanal and Minertek. The D.O.D. 5015.02 standard defines mandatory requirements for records management. It encompasses access controls, metadata, security classifications and data destruction. “This Standard addresses a minimum set of baseline functional requirements applicable to all Records Management Applications” (DoD 5015.02-STD, 2007, p.