Identify & Remedy Dangerous Working Practices
Improve User Handling of Organizational Records
Files temporarily retrieved from records management systems for editing or reference, must be returned correctly to the records management system after edits have been made and all reference copies must be deleted as soon as work is complete.
Records may not be indefinitely stored in Home Drives, SharePoint Sites, Office365 file shares, or on NAS storage. Records may only be stored in designated records management systems.
- Scan once per week for files containing ‘customer numbers’, ‘employee numbers’, ‘supplier numbers’, social security numbers, credit card numbers, and/or other specific PII/PCI data, that have not been accessed/modified within the past seven days.
- Notify Data Stewards/Records Managers when suspected records have been identified.
- Require that Data Stewards/Records Managers review file lists and perform appropriate actions.