Policies should be developed to ensure strict compliance and the establishment of authorization rules allowing only essential personnel within the organization to access, view, and share data. It is crucial to regularly review these permissions based on the specified duration for each level in the data classification hierarchy. Additionally, the management of login processes and data access permissions should be conducted using robust and sensitive Access Management Systems.

Ensuring the security of information processing devices, including greeting infrastructure and user devices, from cybersecurity risks by adhering to the application of mentioned controls. Some of these controls include:

• Applying update and security patch packages.
• Reviewing protection and fortification settings for systems handling data.
• Reviewing and fortifying the factory settings of technical assets used in data processing.
• Disabling the screen capture feature on devices that create or process documents

The minimum controls must be applied to ensure the protection of mobile devices within facilities, including laptops, smartphones, and tablets, from risks. This includes securing information and handling data safely during transmission, sharing, and storage on these devices. Centralized management of mobile devices should be ensured using a Mobile Device Management (MDM) system, and the remote wipe feature should be activated

Controls must be implemented to ensure the confidentiality, integrity, and availability of the organization’s data and information. This involves utilizing techniques to prevent data leaks and managing permissions, employing document encryption technologies to facilitate traceability, and enforcing policies that prohibit data usage in any environment other than the production environment. Additionally, the use of Brand Protection services helps safeguard against identity theft.

Controls must be applied to ensure compliance with cybersecurity requirements, guaranteeing proper and effective use of encryption to protect electronic data and information assets within organizations. This includes the use of up-to-date and secure encryption methods and algorithms when creating, transmitting, sharing, and storing data, while considering national encryption standards.

Developing policies and implementing controls to ensure the secure execution of data destruction processes, specifying the technologies, tools, and procedures for carrying out these operations. It is essential to maintain records of data destruction or secure deletion operations, in accordance with legislative and regulatory requirements. Regular review of the established data destruction procedures should also be conducted, adhering to the specified duration for each level in the data classification hierarchy.

It is crucial to establish, document, and endorse security requirements and policies to protect printers, scanners, and photocopiers, ensuring secure handling of data when using these machines. Organizations should conduct regular reviews and audits to assess compliance status and apply cybersecurity requirements for printers, scanners, and photocopiers.

For instance, organizations should disable temporary storage features, activate identity verification before initiating printing, scanning, or copying operations, maintain electronic records of these operations, and utilize document destruction techniques and devices after their completion.