1) Why Security and Confidentiality at Work are so important?
It is very important for any company to keep information on its projects protected against possible threats: stealing, espionage and accidental/malevolent deletion. A company which underperforms in the field of confidentiality risks losing trust from its clients, exposing its strategies and future plans to competitors (losing of competitive advantages), losing its business materials, documents and files (prototype designs, estimates, technological specifications, customer and employee files, etc).
Nobody wants to become a bankrupt or to incur severe losses because of imprudence in the field of informational security, and therefore successful companies pay a great attention to this question. In the modern world where different IT systems are widely used in all spheres of life, maintaining of the business confidentiality and informational security strongly refers to questions of electronic data security. The modern systems can provide a great bunch of possibilities for protecting information, particularly in sphere of the project management.
Guidelines which will help you to maintain security and confidentiality:
- Authorization: Information must be provided to employees of the organization only according to their rank in the organization (a level of employee’s authorization implies the degree to which he or she can operate with the business information);
- Limitations: The most sensitive business files and documents should be protected by the access limitations which prevent intrusion of unauthorized personnel or outsiders. The most important level of business information must be opened only to a few persons (some representatives of the top management who have necessary permissions);
- Controlled access: Those who work with information should operate under certain regulations preventing them from causing any accidental or malevolent damages to information. If someone is operating with the important documents (while being granted with a temporal permit for this), then this person shouldn’t be left without supervision. In a case of accessing an electronic data, the information needs to be protected against deletion, copying and modifying;
- Non-disclosure agreements: such agreements should be signed by all employees, depending on their level of authority and position. This document is also called “confidentiality agreement”, and it is a contract between organization and employee where the parties agree not to disclose any information covered by the agreement (trade secrets, personal details, etc);
- Controlled environment: implies using different physical and technological means that prevent inappropriate accessing of information (without proper authorization and approved intentions). In physical sense it means using durable office cabinets with locks, safes, security systems and security personnel. In IT-wise sense this means using effective antivirus systems, well-protected networks, security policies and sophisticated security capabilities of the business software.
2) A way to establish and maintain Security and Confidentiality at Work:
- Assign personal tasks to employees and determine what information they will need for work;
- Consider what information employees will need to know about the tasks of each other;
- Identify information that deserves to be protected:
- It makes a trade secret;
- It makes value for competitors;
- It creates competitive advantages;
- It is used only in internal operations;
- It can be incorrectly interpreted;
- Qualify the company’s information by its confidentiality level, for example:
- Top Secret: the highest level of authorization is required. Only a limited group of few top managers can access these files and work with them as appropriate;
- Functional information: data which is accessed by specific professionals. For example data on Accounting and Sales operations. It must be protected from public disclosure, damage, and accessed only according to its specific requirements, rules and level of importance;
- Personal data: private details of employees and customers, business correspondence, and everything else which cannot be publicized without formal allowance of owners;
- Overt information: data which doesn’t make a business secret, can be publicized;
- Establish personal responsibility of every employee for the data safety and explain everyone’s role in data protection. Capture commitments with a help of Confidentiality Agreement;
- Establish data authorization levels suiting the organizational ranks of employees to:
- Prevent them from accessing data which is beyond their responsibility and needs;
- Protect business data from being studied just out of someone’s curiosity;
- Preventing many unwanted or questionable episodes with the information;
- Authorize the employees to access and freely use data sources which fit their responsibility:
- Establish electronic systems that support authorized access (logins and passwords);
- Hand out special permits to sanction access to cross-functional information;
- Implement procedures and methods for controlled access of the data;
- If some employees need accessing data which is beyond their level of authority, then:
- Make sure this information cannot be accessed without allowance from the manager;
- Create a procedure for requesting and making extracts from protected documents;
- Each session of data accessing will be properly supervised and regulated;
- Make sure everyone understands the importance of business data that he or she works with:
- Information cannot be disclosed or somehow publicized;
- It cannot be modified, copied or transferred to third party representatives;
- Make sure people will keep their passwords and other credentials in secret;
- Make sure sophisticated electronic methods such as password protection and encryption are adopted and supported by the team of qualified IT professionals;
3) A simple way to establish confidentiality with VIP Task Manager:
VIP Task Manager is a client-server product that stands for collaboration between people, so it enables the managers to set confidentiality in terms of particular tasks and projects. Let’s consider simple step-by-step instructions to adjust security settings using this product:
Instruments to be used:
- Resource List;
- Permissions;
- Task Tree mode;
Resource List mode actions:
- Add users accounts to the list (set their logins and passwords);
- When creating new accounts consider option to automatically create personal groups for users;
- Create Roles if necessary (for users who will have the same sets of permissions);
- Enter users’ departments, personal phones and other details;
- See the video-guide on using Permissions;
Task Tree mode actions:
- Create task groups and tasks;
- Define how the tasks and groups belong to users and their departments;
- Assign tasks to users;
- Enable “Permissions Panel” (if it is hidden);
- Allow the team members to “View” and “Edit” the tasks and groups which they will work with;
- Make sure they can see their tasks and operate with them;
|
Play Demo >>
FREE Download CentriQS
