A standard setting out the requirements an organisation needs to ensure that data is not stolen or misused.
This standard outlines the proper handling of Sensitive Personal Information and Restricted Data and serves as a baseline for monitoring, reporting and enforcement.
The organisation recognises the need to ensure that this data is not released to unauthorised parties as a result of improper handling, unsafe storage, communication problems, or unauthorised data transmissions.
This covers:
a) Data in transit directed from inside to outside the organisation,
b) Data at rest and inside the network,
c) Data at rest and in storage on end user devices,
d) Data on removable storage devices.