Data Handling Policy

Introduction

Assets and data sets need to be handled by users according to their classification in order to properly safeguard them from unauthorized access and usage. Data can be in electronic or printed format, and may be transmitted, processed, and/or stored in the IT environment. Logicol de Catalunya S.L.’s IT environment includes all systems, applications, equipment, individuals, locations, and connections used for, and involved with, the transmittal, processing, and/or storage of personal data.

Electronic data can be emailed, faxed, transmitted via instant message and other messaging technologies. Printed data can be faxed, hand delivered, scanned, and mailed. Data can be stored on systems, in code, workstations, devices, mobile media, backup tapes, and other locations. Electronic data can be printed or copied to another workstation or system. Printed data can be retained in file cabinets and on desks.

Handling assets and data according to its classification level can help protect Logicol de Catalunya S.L.’s data from unauthorised access and usage, and help safeguard Logicol de Catalunya S.L.’s finances, operations, and brand name.

Scope

This policy applies to Logicol de Catalunya S.L. employees, third-parties, service providers, contractors, temporary employees, and/or other staff members at Logicol de Catalunya S.L., whether conducting activities on Logicol de Catalunya S.L. premises or off-site where personal data is present.

This policy applies to all systems, applications, and equipment owned and/or leased by Logicol de Catalunya S.L. where personal data is present.

Handling Requirements for Data Sets Classified as Personal Data under GDPR

Access: Business need-to-know only. Reviewed at least quarterly.
Non-Disclosure (NDA):Logicol de Catalunya S.L. third-parties and employees may only access these assets and data after signing an NDA. The system owner must then approve the distribution.
Changes:Changes made to these assets and data sets must follow Change Management rules.
Email:Only individuals approved by Management to transmit this data may do so, and then only if the email and its attachments are approved using a Logicol de Catalunya S.L. approved encryption method.
Internet:This data may never be transmitted using a non Logicol de Catalunya S.L. email system. This includes posting to unauthorised websites or using unauthorised messaging technologies.
Fax:The person sending the fax with this data is required to be present at the fax machine to verify that it has been sent and is not stored in the memory. A receipt request is required.
External Mail:This type of data is to be packaged in a secure manner and delivered by a commercial delivery service which can be tracked. A return receipt should be used or requested, such as a delivery signature.
Printing:This type of data should not be printed unless absolutely needed for business purposes, and after approval from Management.
Print Storage:Printed data is required to be within eyesight or within possession at all times, or locked up in a secure manner or location.
Electronic Storage:Stored data may not be retained in a readable format and is to be truncated, masked, or encrypted using a Logicol de Catalunya S.L. approved method. This includes data storage on workstations, systems, backup tapes, etc.

Handling Requirements for Assets and Data Sets Labeled as Confidential

Access: Business need-to-know only. Reviewed at least quarterly.
Non-Disclosure (NDA):Logicol de Catalunya S.L. third-parties and employees may only access these assets and data after signing an NDA. The system owner must then approve the distribution.
Changes:Changes made to these assets and data sets must be approved by management and the system owner prior to the change, recorded and retained for minimum of one year.
Email:Only individuals approved by Management to transmit this data may do so, and then only if the email and its attachments are approved using a Logicol de Catalunya S.L. approved encryption method. A receipt request should be used or requested.
Internet:This data may never be transmitted using a non Logicol de Catalunya S.L. email system. This includes posting to unauthorised websites or using unauthorised messaging technologies.
Fax:The person sending the fax with this data is required to be present at the fax machine to verify that it has been sent and is not stored in the memory. A receipt request is required.
External Mail:This type of data is to be packaged in a secure manner and delivered by a commercial delivery service which can be tracked. A return receipt should be used or requested, such as a delivery signature.
Printing:This type of data should not be printed unless absolutely needed for business purposes, and after approval from Management.
Print Storage:Printed data is required to be within eyesight or within possession at all times, or locked up in a secure manner or location.
Electronic Storage:Stored data may not be retained in a readable format and is to be truncated, masked, or encrypted using a Logicol de Catalunya S.L. approved method. This includes data storage on workstations, systems, backup tapes, etc.

Handling Requirements for Assets and Data Sets Labeled as Sensitive

Access: Business need-to-know only. Reviewed at least quarterly.
Non-Disclosure (NDA):Logicol de Catalunya S.L. third-parties and employees may only access these assets and data after signing a NDA.
Changes:Changes made to these assets and data sets must follow Change Management rules.
Email:Only individuals approved by Management to transmit this data may do so, and then only if the email and its attachments are approved using a Logicol de Catalunya S.L. approved encryption method. A receipt request should be used or requested.
Internet:This data may never be transmitted using a non Logicol de Catalunya S.L. email system. This includes posting to unauthorised websites or using unauthorised messaging technologies.
Fax:The person sending the fax with this data is required to be present at the fax machine to verify that it has been sent and is not stored in the memory. A receipt request should be used or requested.
External Mail:This type of data is to be packaged in a secure manner and delivered by a commercial delivery service which can be tracked. A return receipt should be used or requested, such as a delivery signature.
Printing:This type of data should not be printed unless absolutely needed for business purposes, and after approval from Management.
Print Storage:Printed data is required to be within eyesight or within possession at all times, or locked up in a secure manner or location.
Electronic Storage:Stored data may not be retained in a readable format and is to be truncated, masked, or encrypted using a Logicol de Catalunya S.L. approved method. This includes data storage on workstations, systems, backup tapes, etc.

Handling Requirements for Other Assets and Data Sets

Access: Access is available to everyone.
Non-Disclosure (NDA):No NDA is required to distribute these assets or data
Changes:Changes should follow the Change Management Rules
Email:May be readily emailed
Internet:May be readily transmitted; however caution should be used if posting to an external website to ensure that Logicol de Catalunya S.L.’s reputation will not be harmed.
Fax:May be readily faxed.
Internal Mail:May be delivered freely via internal mail.
External Mail:Mail be readily mailed outside of Logicol de Catalunya S.L.
Printing:May be readily printed.
Print Storage:Does not need to be stored securely.
Electronic Storage:Does not need to be stored securely.

Utilizamos cookies propias y de terceros para mejorar tu navegación y ofrecerte nuestros servicios. Si continuas navegando, consideramos que aceptas su uso. Puedes obtener más información en nuestra Política de Cookies.