Data is produced by businesses at an exponential rate, with estimates that the aggregate volume doubles every two years. This makes it imperative that all data is accounted for from the time it is created to the end of its useful life.
There are many strategies for managing data and many ways to ensure data security. However, these measures are only as good as knowing who has that data. And this is where so many companies fail. This “chain of custody” is critical for companies who want to ensure their data is secure, regardless of whose hands it ends up in.
What Should Be Included?
Every kind of media your company may use, from HDDs to CDs, should be included in the chain of custody strategy. The strategy itself is a plan that requires a complete record containing the name of every person who handles a particular piece of data. Also, information about where the data was stored and when and how it may have been modified must also be included.
Excluding any of this information can leave your company vulnerable to security breaches, fines due to legal non-compliance, and a decrease in customer and public trust, all which can have a direct effect on company revenue. At every stage, the journey of your company’s data needs to be properly recorded, stored and represented.
The Value Of Knowing Who Has Your Data
Not knowing who has your data can result in big financial losses should a security breach occur. For example, if a former employee were to sue your company for wrongful dismissal, the question of how their information was handled by your company prior to their dismissal will definitely come up. Should your company not be able to prove a complete chain of custody, it may be assumed that data was mishandled or otherwise tampered with, eliminating the possibility of your company being able to defend its position.
Steps To An Effective Chain Of Custody
There are many things you can do to ensure an effective chain of custody. First, access to data should only be given to authorised personnel. As well, each of your assets must have a unique identifier, and whenever edited or updated should be assigned a new identifier. As well, information should be added about changes made to the audit trail.
All interactions with assets should be recorded in hard copy and maintained so that they can be accessed in the event that a computer failure occurs.
A digital master copy of all data should also be created. This master should never be modified, and needs to be housed in some sort of secure facility off-site.
Absolute IT Can Help
We understand the importance of having a chain of custody; our experts have many years’ combined experience in secure asset disposal and IT asset security. We assist you with maintaining your chain of custody by providing you with full asset reports, certificates of destruction and data disposal certificates, all of which can be incorporated into your chain of custody.
We ensure the security of your data at every stage of the processing and destruction process. The mobile phones, desktops and laptops, company ID cards, hard drives, tapes and other media that we specialise in sanitising are all processed in a manner that keeps your information secure and confidential.
Absolute IT shredding units can shred down to 6mm particulates, which conform to the most stringent mandates and standards. Our secure mobile recycling vehicles contain a market-leading data erasure solution that’s capable of wiping any form of electronic media.
When you need to safeguard your information, the professionals at Absolute IT can provide you with the peace of mind and security you need. Get in touch to make a price enquiry.