| 1.2 Demand Director 23. Information Security Standard | Requirements |
|---|---|
| 23. Information Security Standard | ISO 27001 is a fundamental part of ITIL 2.6 security management. We comply with all aspects of ISO 27001 with regard to hardware and operating system software installed in the data center. |
| 2. Privacy Impact Assessment | The purpose is to determine risks and threats to personal and business data: who may attack it and what the consequences would be. This is a continually updated document that is never complete and correct, as threats evolve on a daily basis.<br>Application services that do not store personal data are excluded from the legal obligation but are included for completeness. Stage 1 may be to determine whether a PIA is legally required; for sound business reasons, however, a PIA is always prepared so that business data can be as secure as personal data. |
| 3. Initial Privacy Impact Assessment | 1. Each and every privacy risk is identified from creation, including data flows and state transitions, until the data is destroyed. The key risk is where and how the data is stored and who has access to it. As a policy, System Administrators never have access to any personal data that is not encrypted to the point where the data is meaningless and worthless.<br>2. The purpose of each and every field is mandated: why it is captured and how it is used. Certain field values, such as gender, religion and ethnicity, are classified as high-risk field values that must be stored using pseudonymisation and encryption to the point where the data is meaningless and worthless.<br>3. Data must never be collected for one reason and then repurposed for another. Data must not be captured by one company for one reason and sold to another company for another reason. All parties must sign mutually binding confidentiality agreements.<br>4. As a policy, paper copies of any such data shall never be created, or, if the originals are on paper, the originals must be destroyed as soon as the data is scanned or copied to digital form. The risk from paper documents is not acceptable and shall not be permitted. |
| 3. Where is the data stored | 1. Because all data is encrypted before it is physically replicated to many secure data centers, it is reasonable to say that personal data is never stored. It is impossible for any agent to view or decrypt any personal data, so it is reasonable to say that personal data does not exist. It cannot be proven that personal data exists by looking at any stored encrypted data center.<br>2. Application services can retrieve stored encrypted data and, using other encrypted data, show approved people the personal and business data over transient encrypted communications. Application services include audit trails, a history of all changes and evidence of who accessed what and when.<br>3. Data knows when it was created, when it was last changed and every other change in a field value. Data may be shared with its owner so that the owner may identify where corrections need to be applied.<br>4. Business continuity is provided by encrypted data replication to a large number of secure data centers in real time. In the event that one data center is not available, business continues to be provided by another data center. No backups are permitted, no recovery is needed and no restart is possible. |
| 4. Education | 1. No education is provided and no educational liabilities exist. People may use self-tuition guides and may watch videos of other people using the application. People have the right to use the application service as they choose, by following the examples of what others do or by learning to use services in their own unique way.<br>2. It is not recommended that anybody downloads any data to a local computer, because any such download is not encrypted and shall be copied by many agencies in many countries. Downloaded data may be found for sale on the dark web, where it may be of value to competitors and other businesses. People have the right to leak their business and personal data to others and to agencies. Even if a person does not have the right to leak information, they may take a photo of their screen showing personal data and share the photo on social media. |
| 5. Data Dictionary | 1. Identify every field and its one and only purpose.<br>2. How is the field value created, and where from?<br>3. Who can access each field, when and where?<br>4. Who can change a field value, when and where?<br>5. How is the field value stored, and with what kind of encryption?<br>6. Who is responsible for each field value, i.e. who is the data controller?<br>7. Is each field value shared, and who is the data processor?<br>8. How is the field value communicated, and with what kind of encryption?<br>99. Is the field value stored overseas? No, as a policy. |
| 6. Data Protection | 1. Data is processed fairly and lawfully.<br>2. Data shall be obtained only for one documented legal purpose.<br>3. Data shall be adequate, relevant and not excessive in relation to its purpose.<br>4. Data shall be accurate and kept up to date, or destroyed.<br>5. Data shall be destroyed when it no longer serves its documented purpose.<br>6. Data shall be processed in accordance with its owner's rights.<br>7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing and against accidental loss, destruction or damage.<br>8. Data shall not be transferred to a different country.<br>21. Has the person who owns the data given consent for it to be stored and processed? Has evidence of this consent been gathered?<br>22. Is disclosure of the data in the overriding public interest?<br>23. Does a statutory basis, such as a court order, permit disclosure of the data?<br>24. Will the actions interfere with the right to privacy, and have you identified the social need and aims of the project? |
| 7. Assessment | 1. Risks and threats identified.<br>2. Privacy and security methods appropriate.<br>3. Parties involved.<br>4. Issues and concerns raised.<br>5. Alternatives identified, reviewed and rejected, with rationale.<br>6. Public interest considerations.<br>7. Compliance considerations.<br>8. Human Rights Act considerations.<br>9. Conformity with international standards, industry best practice and government recommendations. |
| 8. Common Law Duty of Confidentiality | 1. Consent evidence trail: people will change their mind.<br>2. Physical security of people and infrastructure.<br>3. Fraud and accidental data alteration considerations. |
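The per-field rules in section 3 (high-risk values such as gender, religion and ethnicity must be pseudonymised and encrypted; System Administrators never see unencrypted personal data) and the per-field checklist in section 5 (one purpose, who reads, who writes, who is the controller, never stored overseas) can be expressed as a data dictionary that is audited before any record is stored. The following is an added example written for this page; it is not code from the Demand Director product. The field names, purposes, role names (including the `sysadmin` role) and the use of keyed HMAC-SHA256 tokens as the pseudonymisation primitive are assumptions; encryption of the stored record at rest is a separate step that this example does not implement.

```python
"""Added example (not from the Demand Director page): a per-field data
dictionary audited against the page's policy rules, plus keyed
pseudonymisation of high-risk and personal fields before storage.

Assumptions (not stated on the page): the field names, purposes and roles
below, and HMAC-SHA256 tokenisation as the pseudonymisation primitive.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Field values the page names as high risk (section 3, item 2).
HIGH_RISK = {"gender", "religion", "ethnicity"}


@dataclass(frozen=True)
class FieldPolicy:
    name: str
    purpose: str            # one and only one documented purpose (section 5, item 1)
    source: str             # where the value comes from (item 2)
    readers: frozenset      # roles that may read the field (item 3)
    writers: frozenset      # roles that may change the field (item 4)
    controller: str         # who is responsible for the value (item 6)
    pseudonymise: bool      # store a keyed token instead of the plain value
    stored_overseas: bool = False   # item 99: never, as a policy


def audit(dictionary):
    """Return a list of policy violations; an empty list means the dictionary passes."""
    problems = []
    seen = set()
    for f in dictionary:
        if f.name in seen:
            problems.append(f"{f.name}: listed more than once")
        seen.add(f.name)
        if not f.purpose.strip():
            problems.append(f"{f.name}: no documented purpose")
        if f.name in HIGH_RISK and not f.pseudonymise:
            problems.append(f"{f.name}: high-risk field must be pseudonymised")
        if f.stored_overseas:
            problems.append(f"{f.name}: must not be stored overseas")
        if "sysadmin" in f.readers:
            problems.append(f"{f.name}: system administrators must not read personal data")
    return problems


def pseudonymise(value, key):
    """Keyed HMAC-SHA256 token. Equal values give equal tokens under the same
    key, so records can still be linked, but without the key the token
    reveals nothing about the original value."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def store_record(record, dictionary, key):
    """Apply each field's policy before the record reaches storage.
    Fields that are not in the data dictionary are rejected outright."""
    policies = {f.name: f for f in dictionary}
    stored = {}
    for name, value in record.items():
        policy = policies.get(name)
        if policy is None:
            raise ValueError(f"undocumented field {name!r}: not in the data dictionary")
        stored[name] = pseudonymise(value, key) if policy.pseudonymise else value
    return stored


# Constructed sample dictionary and record (assumptions, not from the page).
SAMPLE_DICTIONARY = [
    FieldPolicy("customer_name", "addressing correspondence", "entered by customer",
                frozenset({"account_manager"}), frozenset({"customer"}), "Sales",
                pseudonymise=True),
    FieldPolicy("religion", "diversity reporting", "self-declared",
                frozenset({"hr"}), frozenset({"customer"}), "HR",
                pseudonymise=True),
    FieldPolicy("order_total", "invoicing", "computed from order lines",
                frozenset({"account_manager", "finance"}), frozenset({"order_service"}),
                "Finance", pseudonymise=False),
]
SAMPLE_RECORD = {"customer_name": "A. Example", "religion": "none", "order_total": "42.00"}
SAMPLE_KEY = b"constructed-demo-key"   # in practice, held outside the data store


if __name__ == "__main__":
    print("audit:", audit(SAMPLE_DICTIONARY) or "no violations")
    print("stored:", store_record(SAMPLE_RECORD, SAMPLE_DICTIONARY, SAMPLE_KEY))
```

The stored form keeps business values such as `order_total` readable for invoicing while `customer_name` and `religion` are replaced by tokens that are meaningless to anyone who reads the store without the key, which is the property section 3 asks for; a real deployment would additionally encrypt the whole stored record at rest.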