Dealing with Confidential Information
Business and Administration
Unit three // Session 2 Dealing with confidential information
An example of a procedure for dealing with confidential paper-based information 1. Confidential paper-based information must be stored in red folders. These will be marked clearly with the word CONFIDENTIAL. 2. The red files are stored in red cabinets. The cabinets are always locked. For each cabinet there will be an authorised keyholder (or keyholders). 3. The files may only be accessed with the consent of the authorised keyholder. This consent may be withheld. 4. Confidential files should be kept up to date by an authorised senior administrator. 5. Confidential files that have passed their retention date or that are no longer required should be deleted / destroyed by cross shredding. 6. Confidential files should not be taken from their office base without permission. An example of a procedure for dealing with confidential electronicbased information The protection of electronic systems is often done through the use of access levels. These specify who can (and who cannot) access a certain type of document. The access levels may include: 1. No access allowed – this means highly confidential documents cannot be found or read by all but a few people. The document will not show up when internal organisation searches are made. 2. Read-only access – this means a member of staff can read the document. 3. Read and edit access – a member of staff can access the document and change it. 4. Enter and index access – the member of staff can scan in new documents, index them and save them in a designated folder. 5. Distribution access – the member of staff is authorised to distribute documents. 6. System administration access – this senior member of staff has the authority to change access levels / change how things are stored and filed / make decisions on archiving and deleting files.
Key point! The aim is to ensure that the organisation identifies the level of sensitivity of a
Unit three // Session 2 Dealing with confidential information
An example of a procedure for dealing with confidential paper-based information 1. Confidential paper-based information must be stored in red folders. These will be marked clearly with the word CONFIDENTIAL. 2. The red files are stored in red cabinets. The cabinets are always locked. For each cabinet there will be an authorised keyholder (or keyholders). 3. The files may only be accessed with the consent of the authorised keyholder. This consent may be withheld. 4. Confidential files should be kept up to date by an authorised senior administrator. 5. Confidential files that have passed their retention date or that are no longer required should be deleted / destroyed by cross shredding. 6. Confidential files should not be taken from their office base without permission. An example of a procedure for dealing with confidential electronicbased information The protection of electronic systems is often done through the use of access levels. These specify who can (and who cannot) access a certain type of document. The access levels may include: 1. No access allowed – this means highly confidential documents cannot be found or read by all but a few people. The document will not show up when internal organisation searches are made. 2. Read-only access – this means a member of staff can read the document. 3. Read and edit access – a member of staff can access the document and change it. 4. Enter and index access – the member of staff can scan in new documents, index them and save them in a designated folder. 5. Distribution access – the member of staff is authorised to distribute documents. 6. System administration access – this senior member of staff has the authority to change access levels / change how things are stored and filed / make decisions on archiving and deleting files.
Key point! The aim is to ensure that the organisation identifies the level of sensitivity of a