The challenges faced by HR directors in securing hard copy data, and explains how these can be overcome to ensure sensitive information is kept safe. 

In the age of digital living, we are constantly bombarded with information about keeping online data safe – from password protection to encryption; digital security is often front of mind. However, this means that the security of physical data can sometimes be overlooked. A recent study[1] found that progress toward the ‘paperless office’ is slow – for 42 per cent of organisations, the volume of paper records is still increasing. There are still a vast amount of old systems in place, and many organisations will have to manage both hard copy and digital assets.

However there are many risks associated with having unsecured hard data accessible to anyone – just in the same way that there are risks when digital data is not secured. So, with all the challenges of juggling cyber and physical safety, how do HR directors ensure the security of hard data? When it comes to securing data, there are a number of factors to consider, including digital security, network security, and the security of physical data such as hard copy.

Documents that are classed as ‘sensitive’ may contain information that has value to the business and all other documentation that is not deemed as ‘sensitive’ must be segregated and stored elsewhere, as the security requirements for this data will not be as important. Under the Data Protection Act (1998), organisations must ensure that personal data must only be accessible to authorised persons, so securing hard data is not only crucial but also a legal requirement.

The access control solution for rooms that hold hard copy data must also comply with current standards. For example, EN179 Emergency Escape (for when the building occupants are aware of the building environment), EN1125 Panic Escape (for environments used by the general public) and the new standard EN13637 Electronically Controlled Escape Systems (for use on escape routes) – are essential to ensure safety and security. These standards state that even if a door is electronically controlled for access there must be a compliant mechanical means of escape in an emergency. 

Locking up security
Securing physical data can mean a number of things including controlling access to rooms, buildings, cupboards and cabinets. It’s recommended that security systems provide an audit trail logging access to these areas, to record who accessed which area and when. Consideration should also be given to the transportation of hard data, which should only be undertaken in exceptional circumstances, as maintaining a high level of security in transit can be difficult. It is also imperative that sensitive data is destroyed appropriately, and great care should be taken to ensure this is completed effectively. 

In order to effectively secure hard data, various types of locks and keys can be combined to create a bespoke security solution, which is based on the requirements of the organisation. 

There are web-based security systems available that integrate a mechanical key system with electronics – they require no external power source to provide precise and cost effective control over access permissions, ideal for securing cabinets and rooms that contain hard data. Keys and locks are embedded with data encryption technology, including a unique identification code that cannot be altered or duplicated. Access is managed and controlled using web-based software, meaning access rights can be granted or withdrawn swiftly and easily utilising mobile technology. 

Alternatively, an electronic handle set can offer a secure solution, providing a completely standalone single door system, only granting access to authorised personnel. A card or fob is presented to allow entry, meaning control can be gained over access to rooms containing hard data. Once inside the room, the keys to mechanically lock the personnel record cabinets can be held in a digital key cabinet, which are only available to those with digital PIN entry authorisation; also providing an audit of who has taken which key, and when. 

In an ideal world the complete removal of hard data is desirable to free up physical space and eliminate the significant security threat that it can pose. However this is often impractical, so companies need to put alternative measures in place to combat the risks. Just like digital security, securing hard data is complex and multifaceted. A professional consultant should be engaged to minimise the risks and to create a bespoke solution to ‘lock down’ hard data.

www.abloy.co.uk