Your data destruction policy is concise and well articulated. The excerpt from the Data Classification policy was helpful to see. The roles and responsibilities were comprehensive as well as the resources for oversight. I wondered about examples of information that should be disposed of and specifics about the Fair Credit Reporting Act. Overall, well done.
Your policy was very easy to read and understand. I really liked your Appendix B portion, and the Data Destruction matrix you created. The matrix makes it very easy for an employee to determine what method needs to be used to correctly destroy the data in compliance with the business’s policy. Also, the Appendix A portion allows personnel to refresh their understanding regarding the business’s data classification differences. Your training video mentioned on slide 4 that employees have to sign an acknowledgement of the policy, but that is not mentioned in the policy itself that I could find. I would suggest adding the acknowledgement form as a third appendix so it is with the policy which ensures updating and review whenever the policy itself is updated and reviewed.
Team 4, Great job on your Data Destruction Policy. It reads very clear and is easy to retain. I particularly found the reference to Appendix A – Excerpt from Data Classification Policy, and Appendix B – Data Destruction Matrix helpful to understand the type of data to be properly destroyed and by what measures in accordance with the policy.
Good job on the Data protection Policy. I am having trouble viewing the video, but overall your policy was easy to understand and concise. I especially like Appendix B – Data destruction Matrix. It makes it very easy for employees to know exactly what to do with ITE and how to properly remove it from service.
I like that fact that you are getting the certificates of destruction from the third party vendor. I have been in places that do not go this far to verify that the destruction has been completed. I also like the data destruction matrix, this gives a clear indication of what and how the data is being removed. The only thing I would suggest is maybe having a legend for the acronyms you have like A+ and Information Technology Equipment. I would think that having the legend would make it cleaner but that is just a minor thing.
There are somethings I really like. First of all, in the video, you give a gap for using this policy. This is very good for the company. It can give enough time for employees to study it and use it.
Then you show the responsibilities in the video. On the one hand, it tells employees that this policy is an official one and be created by formal process. On the other hand, it can tell employees what they should do for this policy after this training.
Next, I like the table which is easy for employees to find how to do for each different files in the video and document. It is real helpful for employees because they may not have lot of time to review all policy. They want to locate what they should do as soon as possible. When they use this table, it can help them save much time. However, I think maybe in the video, you should give us some brief examples about which file can be considered to public and which one is restricted.
Finally, the final slide is very good. It helps employees get to know what kind of document that they would get and sign in because they may sign in many different document after training. This will help them get to know it as soon as possible.
As others have said, the Data destruction matrix was a great tool to allow employee to identify how items can be destroyed. I thought the policy part was very clear and explicit on what actions were to be taken, and I like the idea of 3rd party vendor destruction certificates. That’s a great level of verification.
Nice work on the Data Destruction policy! – I thought they way your policy was structured and written was straight-to-the-point and very easy for new employees to comprehend and adhere to. They were no ambiguities in relation to the duties/roles of each and every employee of A+, as well as to whom the policy governs and applies to.
I thought your video was similar in nature – on-point and very clearly summarizes what the policy is all about. The fact that your company require each and every employee to sign the acknowledgement data destruction policy training is a good means of applying controls.
Do non-IT Operations employees have responsibilities other than to receive this training? Are they reporting up to the managers when a they think Data Destruction needs to happen?
I understand that IT Operations is responsible for the actual destruction/sending media off-site for destruction, but how are they being made aware of the need? Is this a manager’s responsibility? If so, are the managers doing this on an “as needed” basis? For example, some organizations have “Media Destruction Days” which occur several times a quarter, and certain types of media cannot be disposed of outside of those days.
Nice concise policy. I like how in the video there was a Data destruction matrix explaining where to destroy data in relevance to the type of data that it was..It was also a good idea to go over the acknowledgement form, many employees just receive it and don’t really look at it. Including it in the training shows the importance of it as well as help grab the attention of the employee to look at the video.
I think Team 4\A+ corporation did a good job with this assignment. I liked the powerpoint and 3 slides stood out to me. The eighth slide which had the: Acknowledgment of Data Destruction Policy Training document. That serves a good purpose as a employee is sitting through a video or the powerpoint and than the ppt shows the form they will be signing. I also this a good job was done on the slide that lists the 3 Data classifications and then a description of what is public, restricted, and confidential. I like how the policy listed how a third party would be hired to shred documents and destroy physical records and equipment. That level was granular and informative. This project as a whole was short and sweet or the word used by others: concise. Good job!
Your data destruction policy is concise and well articulated. The excerpt from the Data Classification policy was helpful to see. The roles and responsibilities were comprehensive as well as the resources for oversight. I wondered about examples of information that should be disposed of and specifics about the Fair Credit Reporting Act. Overall, well done.
Your policy was very easy to read and understand. I really liked your Appendix B portion, and the Data Destruction matrix you created. The matrix makes it very easy for an employee to determine what method needs to be used to correctly destroy the data in compliance with the business’s policy. Also, the Appendix A portion allows personnel to refresh their understanding regarding the business’s data classification differences. Your training video mentioned on slide 4 that employees have to sign an acknowledgement of the policy, but that is not mentioned in the policy itself that I could find. I would suggest adding the acknowledgement form as a third appendix so it is with the policy which ensures updating and review whenever the policy itself is updated and reviewed.
Team 4, Great job on your Data Destruction Policy. It reads very clear and is easy to retain. I particularly found the reference to Appendix A – Excerpt from Data Classification Policy, and Appendix B – Data Destruction Matrix helpful to understand the type of data to be properly destroyed and by what measures in accordance with the policy.
Good job on the Data protection Policy. I am having trouble viewing the video, but overall your policy was easy to understand and concise. I especially like Appendix B – Data destruction Matrix. It makes it very easy for employees to know exactly what to do with ITE and how to properly remove it from service.
I like that fact that you are getting the certificates of destruction from the third party vendor. I have been in places that do not go this far to verify that the destruction has been completed. I also like the data destruction matrix, this gives a clear indication of what and how the data is being removed. The only thing I would suggest is maybe having a legend for the acronyms you have like A+ and Information Technology Equipment. I would think that having the legend would make it cleaner but that is just a minor thing.
There are somethings I really like. First of all, in the video, you give a gap for using this policy. This is very good for the company. It can give enough time for employees to study it and use it.
Then you show the responsibilities in the video. On the one hand, it tells employees that this policy is an official one and be created by formal process. On the other hand, it can tell employees what they should do for this policy after this training.
Next, I like the table which is easy for employees to find how to do for each different files in the video and document. It is real helpful for employees because they may not have lot of time to review all policy. They want to locate what they should do as soon as possible. When they use this table, it can help them save much time. However, I think maybe in the video, you should give us some brief examples about which file can be considered to public and which one is restricted.
Finally, the final slide is very good. It helps employees get to know what kind of document that they would get and sign in because they may sign in many different document after training. This will help them get to know it as soon as possible.
As others have said, the Data destruction matrix was a great tool to allow employee to identify how items can be destroyed. I thought the policy part was very clear and explicit on what actions were to be taken, and I like the idea of 3rd party vendor destruction certificates. That’s a great level of verification.
Team 4,
Nice work on the Data Destruction policy! – I thought they way your policy was structured and written was straight-to-the-point and very easy for new employees to comprehend and adhere to. They were no ambiguities in relation to the duties/roles of each and every employee of A+, as well as to whom the policy governs and applies to.
I thought your video was similar in nature – on-point and very clearly summarizes what the policy is all about. The fact that your company require each and every employee to sign the acknowledgement data destruction policy training is a good means of applying controls.
Do non-IT Operations employees have responsibilities other than to receive this training? Are they reporting up to the managers when a they think Data Destruction needs to happen?
I understand that IT Operations is responsible for the actual destruction/sending media off-site for destruction, but how are they being made aware of the need? Is this a manager’s responsibility? If so, are the managers doing this on an “as needed” basis? For example, some organizations have “Media Destruction Days” which occur several times a quarter, and certain types of media cannot be disposed of outside of those days.
Good job overall.
Nice concise policy. I like how in the video there was a Data destruction matrix explaining where to destroy data in relevance to the type of data that it was..It was also a good idea to go over the acknowledgement form, many employees just receive it and don’t really look at it. Including it in the training shows the importance of it as well as help grab the attention of the employee to look at the video.
I think Team 4\A+ corporation did a good job with this assignment. I liked the powerpoint and 3 slides stood out to me. The eighth slide which had the: Acknowledgment of Data Destruction Policy Training document. That serves a good purpose as a employee is sitting through a video or the powerpoint and than the ppt shows the form they will be signing. I also this a good job was done on the slide that lists the 3 Data classifications and then a description of what is public, restricted, and confidential. I like how the policy listed how a third party would be hired to shred documents and destroy physical records and equipment. That level was granular and informative. This project as a whole was short and sweet or the word used by others: concise. Good job!