2.1 Service Catalogue 15. Attachment Policy

2.1.15 Attachment Policy:
1. Any business data may be associated with any number of attachments, where an attachment is an uploaded file that may also be downloaded.
2. An effective design is to have the attachment as part of a note, where any number of notes may be associated with its parent data object.
3. To protect people from the threat of downloading malware, attachments must be restricted to those types of files that are unlikely to contain malware.
4. To protect people from network delays, the physical size of an attachment must be limited to minimise delays when uploading and downloading.
5. This attachment policy is the subject of periodic review and shall be revised as and when applicable.
6. The person who uploads the attachment must have prior permission of the copyright owner and agree that the attachment can be shared by other approved people who have access to the same form.

2. File Types:
1. The policy of preventing infection by malware means that the only file types that can be supported at the current time are:
   .PNG is the recommended image file type for screen shots and photos.
   .JPG is an alternative image file type for pictures.
   .HTML is the recommended file type for documents - most documents can be saved as HTML.
   .PDF is an alternative file type for documents.
   .CSV is the recommended file type for tabular data - spreadsheets can be saved as CSV.
2. Microsoft Office file types such as DOC and XLS may contain macro viruses and that means they cannot be supported at the current time. Attachments have a life cycle of at least seven years and no Microsoft Office file type has remained stable for more than seven years. PDF is another file type that may not survive for another decade as the number of vulnerabilities found in its reader programs is unreasonable. PNG and HTML file types are guaranteed to survive for the next decade and can be recommended as shared data attachments.

3. File Size:
1. The policy of preventing network delays means that file sizes must be restricted to one million characters (1MB). It would take a person a long time to type a million characters and it would take a long time to read a million characters.
2. Modern cameras may create photographs of 4MB and a print size more than one meter wide and high. It is not practical to try to view a photograph that is more than a meter in either direction when viewing on a computer screen. It is recommended that all photographs are reduced to postcard size (15cm * 10cm) so they can be uploaded and reused by many people using many sizes of computer screen.
3. The purpose of an attachment is to share an image with others - that image must be of a type and size that can be viewed by others.

4. Upload:
1. The upload procedure is unique to the local browser used, but will always consist of two parts:
   (1) Select a specific named file from the person's local computer as the attachment.
   (2) Upload that specific file to the application service as an attachment.
2. The application service then validates the attachment file type and file size to reject anything that is unknown or too big.
3. The attachment is quickly replicated and moved from the web server to a swarm of distributed data stores that cannot be accessed from the Internet. Stored attachments cannot be accessed by a criminal, cannot be lost, cannot be corrupted and cannot be changed. A reportable data breach is unlikely to happen because stored attachments are not connected to the Internet and have no context.
4. The author of any document or image is the copyright owner who must grant shared permission to the person uploading the attachment and to all people who are approved to view the upload form.

5. Download:
1. The download procedure depends on the file type:
   (1) HTML, PNG and JPG attachments are copied from a secure location to a transient location on a web server where they can be viewed by a browser and optionally saved by a person to their local computer.
   (2) CSV and PDF attachments are streamed directly from a secure location to the person's local computer and into their download folder.
2. CSV and PDF attachments have a purpose involving extra manual processing that will be associated with a program on a local computer.
3. HTML, PNG and JPG attachments have a purpose that may be informative without extra manual processing; however, they may be saved to the local computer when needed.
4. Every shared attachment has an author and copyright holder who grants permission for the attachment to be viewed by every person who is approved to view the form. When an attachment is downloaded, the person with that copy must gain the prior permission of the copyright holder before they can share the attachment with others. It could be an illegal act punishable with a fine under the Data Protection Act if a downloaded attachment was lost or stolen or stored without adequate security protection.
5. Downloaded data is a major liability that could lead to a reportable data breach, bad publicity, legal investigations, litigation, mandatory compensation payments to customers and fines.

6. File Names:
1. Original file names cannot be retained because they may contain symbols that are not supported by all computers that view the attachments in the next decade.
2. When uploaded, the attachment is assigned a unique file name based on date, time, author and purpose.
3. For privacy and security purposes, attachments are clustered by site and by month so at the end of each month all attachments uploaded can be frozen, compressed and encrypted. Such attachment data remains readable, but cannot be lost, cannot be corrupted and cannot be changed. At least three and typically ten copies of all attachment clusters are distributed in secure data centers.

7. Attachment Viewer:
1. Attachments are normally viewed as a download from the business data note or form, however utilities can be used.
2. Attachments that are copied to a transient day folder may be viewed for support, analysis and diagnostic purposes.
3. Attachments that are stored by site by month may be viewed to review scope and purpose.

8. Security:
1. An uploaded attachment cannot be deleted or changed - it will exist until it is automatically destroyed in seven years' time. The continued existence of the physical attachment file is a fundamental part of the service level. File names are safe to use with any type of computer.
2. The contents of an attachment are not read, monitored or processed in any way. Attachment content is not managed in any way. Malware is unlikely, but not impossible. Program software on local computers may have vulnerabilities that are exploited.

Document Control:
1. Document Title: Attachment Policy.
2. Reference: 162115.
3. Keywords: ITIL Attachment Policy, Upload, Download, Files.
4. Description: Attachment Policy for each Application Service.
5. Privacy: Public education service as a benefit to humanity.
6. Issued: 11 Jan 2017.
7. Edition: 1.1.
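
The type and size check in section 4, the file naming in section 6 and the per-type download handling in section 5 can be sketched as follows. This is an added example, not code from the service this policy describes; the function names, the stored-name layout and the use of bytes for the 1MB limit are assumptions.

```python
import re
from datetime import datetime, timezone
from pathlib import PurePosixPath

# Allowlist from section 2, mapped to the download handling in section 5:
# "inline"     = copied to a transient web location and viewed in the browser
# "attachment" = streamed to the person's download folder
ALLOWED_TYPES = {".png": "inline", ".jpg": "inline", ".html": "inline",
                 ".pdf": "attachment", ".csv": "attachment"}
MAX_BYTES = 1_000_000  # section 3: one million characters (1MB), taken as bytes


class UploadRejected(ValueError):
    """Raised when an upload is of an unknown type or is too big."""


def validate_upload(original_name: str, size_bytes: int) -> str:
    """Return the normalised extension, or raise UploadRejected."""
    # Drop any client-side directory part, whichever separator was used.
    name = original_name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    # Only the final extension counts, so "report.pdf.exe" is judged as ".exe".
    ext = PurePosixPath(name).suffix.lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"file type {ext or '(none)'} is not supported")
    if size_bytes > MAX_BYTES:
        raise UploadRejected(f"{size_bytes} bytes exceeds the {MAX_BYTES} limit")
    return ext


def _slug(text: str) -> str:
    # Keep only lower-case letters and digits so the name is safe everywhere.
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-") or "x"


def stored_name(ext: str, author: str, purpose: str, when: datetime) -> str:
    """Build the stored name from date, time, author and purpose (section 6).

    The original file name is never reused. The layout is an assumption;
    'when' must be timezone-aware.
    """
    stamp = when.astimezone(timezone.utc).strftime("%Y%m%d-%H%M%S")
    return f"{stamp}-{_slug(author)}-{_slug(purpose)}{ext}"


def download_disposition(ext: str) -> str:
    """Return 'inline' or 'attachment' for an allowed extension (section 5)."""
    return ALLOWED_TYPES[ext]
```

The check looks only at the file name and the size, which matches section 8: the content is not inspected, so an allowed extension says nothing about what the file actually holds.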