Home»Tech Supplement - Original Record(s) Storage
  • Printer Friendly Version
  • Decrease Text SizeIncrease Text Size

Tech Supplement - Original Record(s) Storage

Below are the security measures and security procedures Oxcyon follows to ensure the safekeeping of original documents when offering managed hosting services. If Centralpoint is set up on-site or in a cloud environment, the client would need to implement and oversee these same measures. First, an overview on what original or authoritative Documents are in simple terms is like a system or set of rules to manage important papers or digital files in an organized way. Imagine you have a big library, and you need to make sure:

1. All the books are genuine and not fakes.
2. The information in the books is up-to-date.
3. Only certain people can access some special books.
4. If a book gets updated, the old one doesn’t get mixed up with the new one.
5. There's a system to check if someone made changes to a book.
6. And, if there’s any damage or loss, there's a backup book or copy available.

In the same way, authoritative document control ensures that important documents in a company or organization are real, correct, safe, and can be found easily when needed. It's a way to make sure information is trusted, secure, and organized.

Evaluating an authoritative document in a computer system requires a structured approach to ensure authenticity, integrity, and validity. Here are the steps and requirements for a proper evaluation:

1. Authentication of Source:
   - Verify the source of the document. For online resources, check the URL and domain. Is it coming from a recognized and reputable source?
  - Use digital signatures, if available, to confirm the identity of the sender or creator.

2. Check the Integrity of the Document:
   - Digital signatures can also confirm that the document has not been altered since it was signed.
   - Use checksums or hash functions (like MD5, SHA-256) to ensure the document has not been tampered with during transmission.

3. Evaluate the Content:
   - Confirm the content against known standards or benchmarks.
   - Look for recognized seals, logos, or other indicators of quality or accreditation.
   - Check the date of publication or last update. Is the information current?

4. Check Metadata:
   - Metadata can provide context, including author, creation date, and modification history.
   - Metadata can also help in determining the purpose and audience of the document.

5. Ensure Proper Storage:
   - Store the document in a secure location with proper backups.
   - Use encryption to protect sensitive documents.

6. Access Control:
   - Implement access controls to ensure only authorized individuals can access, modify, or delete the document.
   - Regularly review and audit access logs.

7. Maintain Version Control:
   - Keep track of all versions and changes made to the document.
   - Use document management systems that support versioning.

8. Document Lifecycle Management:
   - Ensure there are procedures in place for the regular review, updating, archiving, and eventual disposal of the document.

9. External Validation:
   - If possible, validate the content or findings of the document with external sources or experts.
   - Cross-reference with other authoritative documents.

10. Usability:
   - Ensure that the document can be easily accessed and read by the intended audience.
   - Check compatibility with various devices and platforms.

11. Redundancy Checks:
   - Maintain multiple copies in different locations to safeguard against data loss.

12. Disaster Recovery:
   - Have a plan in place to restore the document in case of data corruption or other catastrophic events.

13. Regular Audits:
   - Periodically review the document and the system it's stored in for security vulnerabilities or other issues.
   - Update systems and software to patch any known vulnerabilities.

14. Feedback Mechanism:
   - Allow for feedback mechanism where the readers or users can report inconsistencies, errors, or suspicions regarding the document.

While these steps provide a comprehensive approach, the specific requirements for evaluating authoritative documents can vary based on the industry, jurisdiction, and the nature of the document itself. Always ensure that you are compliant with any industry-specific guidelines or regulations.
Additional Security Policies and considerations employed by Oxcyon (if providing managed hosting for clients) or recommended for clients On Premise or Cloud, for Authoritative document and record storage, impacting both the servers, environment and data in movement are as follows:.

1. Encryption:
   - Data at Rest: Ensure that the authoritative document, when stored, is encrypted using strong cryptographic methods.
   - Data in Transit: Encrypt data when it's being transmitted across networks. Use protocols like TLS (Transport Layer Security) for secure data transfer.
   - End-to-end Encryption: Ensure that data is encrypted from its starting point to its destination, allowing only the sender and the receiver to decrypt it.

2. Secure Database Management:
   - Isolation: Move the authoritative document into its own secure database or segregate its storage from other non-critical data.
   - Regular Backups: Securely back up the database regularly, and encrypt backups.
   - Database Encryption: Use encryption techniques specific to databases, like Transparent Data Encryption (TDE) in some relational databases.
   - Database Activity Monitoring: Use tools that monitor and alert on suspicious database activities.

3. Secure Access:
   - Role-based Access Control (RBAC): Only allow access to the authoritative document based on the roles of individual users within an organization.
   - Multi-factor Authentication (MFA): Require multiple methods of authentication before granting access.

4. Network Security:
   - Firewalls: Use firewalls to block unauthorized access to the system where the document is stored.
   - Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): Monitor and block potential threats in real-time.
   - VPN: If remote access to the document is necessary, ensure connections are made via a secure Virtual Private Network (VPN).

5. Physical Security:
   - Secure Data Centers: If the database or storage medium is on-premises, ensure the physical location has security measures such as surveillance, biometric access, etc.
   - Secure Hardware: Utilize hardware security modules (HSMs) for cryptographic operations.

6. Regular Security Audits and Penetration Testing:
   - Periodically check the system's defenses by simulating cyber-attacks and evaluate your system's vulnerabilities.

7. Patch Management:
   - Regularly update and patch all software, operating systems, and applications to fix security vulnerabilities.

8. Incident Response Plan:
   - Have a well-defined process to handle any security incidents, breaches, or data leaks. This will ensure quick action and damage mitigation.

9. Document Integrity:
   - In addition to digital signatures, use tamper-evident seals or solutions to ensure that any alteration of the document becomes evident.

10. End-of-life Procedures:
   - Have clear procedures for securely archiving, deleting, or destroying the document when it's no longer needed.

Security is a multi-layered approach. Combining multiple security measures, as mentioned above, can provide a more robust protection scheme for authoritative documents. Always evaluate the security measures in place periodically to account for evolving threats and technologies.