Sensitive Information

Kevin Coleman Subject Matter Expert, Author, Speaker and Strategic Advisor| - Insights Pa, United States

In the initial planning of a project, do you review and determine what, if any, sensitive information will be a part of the project?

Posted: Jul 22, 2015 7:51 PM

Sort By:

Dr.Vijayakumar Ramasamy Senior Project Manager| RnD Project Management/NPI Kuala Lumpur, Malaysia

Yes, especially when it involves external design/manufacturing team. We also got determine the right proprietary tag for related documents (eg confidential/restricted..etc) , NDA..etc.

Posted: Jul 22, 2015 10:11 PM

arlene trimble Assistant IT Director| Local Government Alamo, Ca, United States

Yes. Sensitive information needs to be discussed upfront as well as confidentiality and security issues so that risks can be identified and managed as necessary.

If you plan to store sensitive information, you need to also discuss how to enter, display, and retrieve this type of information and the permissions necessary.

If you are implementing a third party system, you need to make sure that the third party system or vendor has the necessary and current security certification or privacy compliance attestation or certificate. I agree the third party vendors need to sign an NDA or Business Associate Agreement. In some organizations I have worked for, third party companies are also required to be insured for a certain $ amount as well.

Posted: Jul 23, 2015 12:33 AM

Rubaiyyaat Aakbar Head of IT and Cybersecurity| DocDoc Singapore, Singapore

Yes of course should be part of requirement analysis to cover information classification, information security requirement, access control etc and also included in communication plan to ensure appropriate target audience.

Posted: Jul 26, 2015 1:02 AM

Michael Adams Solutions Architect| LANL Los Alamos, Nm, United States

We do that in my office. The problem I encounter most often, however, is that people have developed specific processes to keep sensitive information private, and they have come to believe the process is a requirement, rather than the security of the information. It can be challenging to have them consider alternative means of keeping sensitive information private outside of their already defined process.

Posted: Jul 26, 2015 1:11 PM

Joanna Newman Head of Innovation and Transformation , Telecoms| Vodafone Cholderton, United Kingdom

Yes and agree the process to contain / reference it

Posted: Jul 27, 2015 1:03 AM

Tim PM Project Manager| NHS Yes, United Kingdom

Of course you would. Why the question?

Posted: Jul 27, 2015 6:57 AM

Kevin Coleman Subject Matter Expert, Author, Speaker and Strategic Advisor| - Insights Pa, United States

@ Tim PM - The reason for the post was a project document that I read that contained information that a competitor would love!! The info was not identified and their were no marking on the doc to indicate it contained sensitive info. Also it was pointed out to me that this is not part of any public methodology.

Posted: Jul 27, 2015 8:47 AM

Please login or join to reply

Sensitive Information

Sponsors

Vendor Events

Guessing is not a strategy: How to build decision velocity with AI and real-time data

Newsletters