Information securityInformation security refers to all the measures taken to ensure that information is available to those who need it, but at the same time protected so that it cannot be accessed by outsiders. It is important that the secure collection, storage, distribution and disposal of data is carefully planned at the outset of a project as part of the data management plan. Defining security procedures and preparing for security incidents is also part of the project's risk management.
Information collected for research purposes must not be disclosed to third parties if it does not belong to them. Particular care must be taken in situations where someone outside the project asks for information about the project. Confidential information cannot be discussed in public places such as cafés or trains, and care must be taken to ensure that no outsider can see confidential information on a computer screen. Proper handling of confidential information must also be ensured at home. Devices must be locked whenever not in use and never left unattended in public places.
Data must always be collected, stored and shared on commonly agreed secure media and platforms. Where appropriate, the processing locations according to Laurea's data classification may be used. The more confidential the data, the higher the level of security arrangements required, including technical encryption, access rights and physical location of the data.
Data must also be backed up where necessary. For example, if data is only stored on your own computer, it will be lost if the computer is lost or breaks down.
The secure disposal of data must also be planned before data collection begins. Ensure that your computer has Bitlocker protection, which encrypts the hard disk. Once encryption is enabled, files on the computer can be deleted by moving the files to the recycle bin and then emptying the recycle bin. If data is stored in cloud services (e.g. OneDrive), the file to be deleted is first moved to the recycle bin and can be restored after 30 days, so the OneDrive recycle bin should also be emptied if necessary.
Unnecessary data, files, emails and temporary files created in connection with the use of IT systems must be deleted when they are no longer needed. Paper material can be disposed of efficiently, for example by shredding or incineration.
If confidential data are processed on some other external storage medium, a separate program for overwriting data must be used for data destruction. The program deletes the file and at the same time overwrites the code so that there is no way of recovering the original file. If necessary, you should seek advice from data protection expert on the destruction o
Laurea-kirjasto | Saavutettavuusseloste | Laurea Library | Accessibility statement