Haystack Associates, Inc.

 


Information Management Assessment Questions

Security

Do you have policies on what information can be stored off network systems, specifically on laptops, local workstations, and mobile devices?
Yes  No

Do your records storage practices ensure the privacy and protection of information such as social security numbers, health care information, or account numbers for employees or customers? 
Yes  No

Do you assign access rights based on predefined roles?
Yes  No

Do you use multi-factor authentication to verify access rights?
Yes  No

Do you use encryption to protect sensitive information during transit and at rest?
Yes  No

Retention and Security

Do you have policies and procedures for the retention and destruction of all company records including:

Paper:  Yes  No
Electronic files such as Word or Excel:  Yes  No
E-mail:  Yes  No
Draft and working copies:  Yes  No
Website content and Social Media:  Yes  No
Information in network databases:  Yes  No
Network archives and backup files:  Yes  No

Have your retention schedules and security policies been created or reviewed in the last two years? 
Yes   No

Do you know what the federal, state, or international legal requirements are for the maintenance, retention, storage, protection and disposition of your records?
Yes   No

Litigation Hold Orders

Do you have an accurate map of your information repositories?
Yes  No

Can you respond to discovery requests in a timely manner, feeling assured that your responses are accurate?
Yes  No

Do you have procedures to halt the destruction of records during litigation or an investigation? 
Yes  No

Can you place a hold on the destruction of information (paper and electronic) and monitor compliance? 
Yes   No

Compliance

Can you track the retention and destruction of records for electronic files, paper, and network backups? 
Yes   No

Can you monitor compliance with policies for security, privacy, and retention schedules? 
Yes   No

Can you identify which records your company has destroyed and the information it still retains? 
Yes  No

Do you have written information security, privacy, retention and destruction policies?
Yes   No

Do you provide formal training to staff on privacy, security, and retention programs?
Yes   No

Do you perform an annual audit to monitor and track compliance with programs and policies?
Yes   No

Do you have a system to authenticate whether vendors are in compliance with your privacy, security, and retention policies with respect to your information assets and systems?
Yes   No

Do you know what your legal reporting requirements are in the event of a security breach and do you have systems in place to meet these requirements?
Yes   No

If you answered No to the questions above, your information management systems need to be updated.

For information please contact Denise Simons by:
E-mail: dsimons@haystackassociates.com
Phone:  (253) 631-1509


Copyright ©2000 - 2018 Haystack Associates, Inc. All Rights Reserved