Laserfiche WebLink
III. DATA SECURITY <br /> A. PROTECTION OF DATA. All electronic data provided by WADOC shall be stored on an <br /> encrypted hard drive in a secure environment with access limited to the fewest number of <br /> staff needed to complete the purpose of this Agreement. <br /> 1. Workstation hard disk drives. Data stored on local workstation hard disks shall <br /> be encrypted with a FIPS-approved cryptographic algorithm. Access will be <br /> restricted to authorized users by requiring logon to the local workstation using a <br /> unique user ID and complex password or other authentication mechanisms that <br /> provide equal or greater security,such as biometrics or smart cards. <br /> 2. Network server disks. Data stored on hard disks mounted on network servers and <br /> made available through shared folders shall be encrypted with a FIPS approved <br /> cryptographic algorithm. Access to the data will be restricted to authorized users <br /> through the use of access control lists which will grant access only after the <br /> authorized user has authenticated to the network using a unique user ID and <br /> complex password or other authentication mechanisms which provide equal or <br /> greater security,such as biometrics or smart cards. Data on disks mounted to such <br /> servers must be located in an area which is accessible only to authorized personnel, <br /> with access controlled through use of a key, card key, combination lock, or <br /> comparable mechanism. Backup copies must be encrypted if recorded to <br /> removable media. <br /> 3. Optical discs(e.g., CDs,DVDs,Blu-Rays)in local workstation optical disc drives. <br /> Data provided by WADOC on optical discs that will be used in local workstation <br /> optical disc drives and will not be transported out of a secure area shall be <br /> encrypted with a FIPS approved cryptographic algorithm. When not in use,such <br /> discs must be locked in a drawer, cabinet or other container to which only <br /> authorized users have the key combination,or mechanism required to access the <br /> contents of the container. Workstations which access WADOC Data on optical <br /> discs must be located in an area accessible only to authorized individuals, with <br /> access controlled though use of key, card key, combination lock, or comparable <br /> mechanism. <br /> 4. Optical discs (e.g., CDs,DVDs,Blu-Rays)in drives or other devices attached to a <br /> network. Data provided by WADOC on optical discs that will be used in drives <br /> or other devices attached to a network shall be encrypted with a FIPS approved <br /> cryptographic algorithm. Access to data on these discs will be restricted to <br /> authorized users through the use of access control lists which will grant access <br /> only after the authorized user has authenticated to the network using a unique <br /> user ID and complex password or other authentication mechanisms which <br /> provide equal or greater security,such as biometrics or smart cards. The optical <br /> discs must be located in an area accessible only to authorized individuals, with <br /> access controlled through use of a key,card key,combination lock,or comparable <br /> mechanism. <br /> Washington State K12798 Page 3 of 9 <br /> Department of Corrections Attachment A <br />