Subsection 3.8: Documentation security
3.8.1
The measures you apply should normally consist of the following:
- Recording and backing up documents by scanning and microfiche, and limiting access to them;
- An updated security plan describing the measures in place to protect documents against unauthorized access and deliberate destruction or loss of documents;
- the classification and secure filing of documents, specifying who is responsible for their processing;
- the resolution of incidents that may jeopardize the security of documents.
3.8.2
Among the measures you apply, should be:
- Checking your system's protection against unauthorized access and recording the results;
- a business continuity and emergency recovery plan;
- the documented corrective measures taken following a specific incident.