Confidentiality because when clients ask you who has access to their personal information,
you want to respond knowledgeably and confidently. However,
access controls are commonly so flawed or misunderstood that
breaches are more often accidental than malicious. Past practices of subjective discretion
with client and patient data are no longer sufficient.
Federal, state & financial institutions now specifically mandate how sensitive data is secured, stored,
accessed and transmitted.

Integrity because customers and employees are your most critical and mobile assets,
and they count on you to manage and maintain their data
accurately. In the past, centralized, tightly controlled mainframes made this easy, but today's data is out of
control. Emails, spreadsheets and documents commonly exist
in insecure locations and are often confidential, preliminary
drafts. You have to ensure that the wrong information isn't
accidentally used or released.

Availability means that client or patient data is fully available now.
The combination of storage, power and communications must be
sufficiently robust to weather common disruptions and failures.
In the past, the phrase 'our systems are down' was tolerable, but
today it is unacceptable. A patient being admitted to an
emergency room can't wait for their medical records. New e-Discovery laws
mean that failure to produce specific documents in litigation
can result in all data being turned over to an adversary.