Last week, we discussed the Life Cycle of the records in your office – this week we take a closer look into the Integrity and Confidentiality of those records, as well as how to keep those very same records secure.
Verifying record authenticity
- The document must be the work of the stated author or source. The name of the author must be a part of the document or attached to the document to assure the authenticity of the document.
- No alteration of the contents of the document should have occurred without permission of the author and/or copyright holder.
- The document was issued or released by an authorised individual or organisation.
- A certificate of authenticity might accompany the document with the signature of an authorised official.
- Use of online processes – organisations must ensure that online business processes do not compromise the integrity and appropriate use of documents that contain sensitive E.g. a time stamp embedded in an electronic document provides an auditable time record
- Controlled access to records – access to and use of records must be controlled by authorised and trained personnel and continuously monitored in order to maintain authenticity of records. Records should only be seen by the intended audience and used for specific E.g. medical records (hospital), financial records (accounting), educational records (university).
Confidentiality of records
- Need for controlled access – strict controls are needed. Special permission rights must be given to individuals, e.g. view, modify, store. When people are transferred to other departments or leave, access must be changed accordingly.
- Maintaining confidentiality – confidentiality must be adhered to. Staff should be made aware of the confidential nature of their work, and that drastic measures will be taken if confidentiality is not adhered to.
SECURITY OF RECORDS
Records management issues arise from concerns for physical security, which restricts access through the use of hardware, facilities, or electronic storage, and logical security, which relates to procedures embedded in software programs to restrict individual access to records. Some of the security measures organisations are using include establishing user identification systems, assigning security codes and documenting user procedures to keep company records secure.
User identification systems
- User identification and passwords – never tell anyone your password, never write down your password, and change your password often using a combination of letters and numbers. If you do not have a password on your computer that locks access when you are away from your desk, you should seriously consider doing so. If you are away on a conference or off ill, nobody should be able to access your records on your computer or transfer records from your system to theirs.
- Digital signatures and seals – proves that the document has never been altered since it was Microsoft Office has the facility to put digital signatures and seals on documents.
- Encryption and decryption of messages – translation of data into a secret code that is unintelligible without a deciphering (The message that is sent is changed into mathematical code that can only be unlocked (decrypted) when the receiver enters a key.)
- Biometric identification system, e.g. fingerprints, palm prints, iris scans, speech patterns, retina scans and face recognition. Many organisations in SA are starting to use biometric systems. Nedbank now requires clients to place their index finger on a biometric fingerprint system to enter the bank, staff at Home Affairs are required to log on to their machines using a fingerprint identification system when entering records, and when applying for a visa for some countries you are required to give fingerprint identification using biometric controls.
- Magnetic card based systems
Need for trusted custodian
The custodian must ensure physical records security, preservation of organisational memory, protection of documents, protection of storage media e.g. bank deposit boxes.
User procedures to secure records
Policies and procedures
Document security features
- Security papers (use watermarks), e.g. money
- Security pantograph – this is an instrument used for copying, enlarging, or reducing line drawings that are used as a security device on a printed record or form. Hidden words, company logos or designs, even forensic information, appear when the document is photocopied or scanned, preventing unauthorized duplication and making authentication simple.
- Microprinting – an area on the document can be imprinted with microscopic words that appear to the casual reader as a solid line. On the originals, the words can be read under On copies, the microprinting is unreadable. E.g. money – has microprinting on it in order to stop counterfeit money being made
- Thermochromic ink – the use of heat sensitive ink will cause a change in color of text or will cause text to disappear when heat is applied to the Example – mood ring changes color according to temperature of your body.
- Bleed through numbering – when a specially inked ribbon comes into contact with paper, the numbers appearing on the right side of the document, such as on a check, bleed through and appear red on the reverse side.