Ensuring that the organisation's IT infrastructure, filing systems and any other devices used for processing personal information meet acceptable security standards.
Ensuring that all electronically held personal information is kept only on designated drives and servers and uploaded only to approved cloud computing services.
Ensuring that servers containing personal information are sited in a secure location, away from the general office space.
Ensuring that all electronically stored personal information is backed up and tested on a regular basis.
Ensuring that all back-ups containing personal information are protected from unauthorised access, accidental deletion and malicious hacking attempts.
Ensuring that personal information being transferred electronically is encrypted.
Ensuring that all servers and computers containing personal information are protected by a firewall and the latest security software.
Performing regular IT audits to ensure that the security of the organisation's hardware and software systems is functioning properly.
Performing regular IT audits to verify whether the electronically stored personal information has been accessed or acquired by any unauthorised persons.
Performing a proper due diligence review prior to contracting with operators or any other third-party service providers, for instance cloud computing services, to process personal information on the organisation's behalf.