Information Security Including Physical Records

Organizations invariably tend to give more importance to implementing controls that protect information assets in electronic form.


In practice, however, the electronic record is either preceded or succeeded by paper documents that hold critical data. From an enterprise information security perspective, this can leave a large gap if these assets are not identified and processes are not built to protect them.


In my experience, the first step towards implementing controls for paper-based information assets is to put in place an enterprise records management policy. The policy must handle the following:

·        Complete life cycle of records

·        Listing of information assets

·        Classification of assets


Once the organization implements records management, it can carry out a risk assessment of the assets on the basis of their classification. The risk assessment would guide the organization in building controls into its various business processes to protect its critical information assets.

