Educause Security Discussion mailing list archives
Re: Securing a document management system
From: Allison Dolan <adolan () MIT EDU>
Date: Mon, 9 Mar 2009 08:44:13 -0400
Theresa I am curious about the reason such documents need to be scanned - have the business folks indicated why they need such records and why they couldn't redact the PII before scanning? Or is this scanning for just the HR/payroll department? Allison F. Dolan Program Director, Personally Identifiable Information Massachusetts Institute of Technology 77 Massachusetts Ave NE49-3021 Cambridge MA 02139-4307 Phone: (617) 252-1461 http://mit.edu/infoprotect On Mar 6, 2009, at 8:50 AM, Theresa Rowe wrote:
I'd like to check the collective wisdom of the group on this project: We are implementing a document management system (EMC, Documentum). The documents are stored as JPEGs in the system. We've learned that our community expects to store items that would be classified as personally identifiable information under our state law. This includes copies of: drivers licenses social security cards court ordered name changes such as divorce decrees tax returns with social security numbers Obviously this needs a high standard of security. I read that there are tools out there that encrypt JPEGs (jpegguard). Has anyone found or used a tool for a system like this? Have you implemented such a system? What security safeguards have you put in place? -- Theresa Rowe Chief Information Officer Oakland University
Current thread:
- Securing a document management system Theresa Rowe (Mar 06)
- <Possible follow-ups>
- Re: Securing a document management system Allison Dolan (Mar 09)
- Re: Securing a document management system Theresa Rowe (Mar 09)
- Re: Securing a document management system Allison Dolan (Mar 11)
- Re: Securing a document management system Morrow Long (Mar 11)
- Re: Securing a document management system Karen Stopford (Mar 11)