×
INTELLIGENT WORK FORUMS
FOR ENGINEERING PROFESSIONALS

Log In

Come Join Us!

Are you an
Engineering professional?
Join Eng-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Eng-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Experiences w/ Secure Worker Access Consortium (SWAC)?

Experiences w/ Secure Worker Access Consortium (SWAC)?

Experiences w/ Secure Worker Access Consortium (SWAC)?

(OP)
Does anyone have any experiences/tips for running a successful operation w/ Secure Worker Access Consortium (SWAC) and data confidentiality requirements?

I work for a steel company, which is going to have to set up secure document processes/procedures in a remote setting. Meaning, we will be coordinating shop-drawings & fabricating the steel here and then shipping it hundreds of miles to NYC, all under VERY strict constraints.

I'm mostly looking for general tips on potential pitfalls or situations that could cause my organization to fail a future audit of our document control system, which would be unacceptably damaging to the company's reputation.

What security measures for file access are appropriate for the file sharing? Do we set up a single off-network PC w/ protected flash drives only? Things like that are what I'm after.

Sorry for being very general, I can't share much.
Replies continue below

Recommended for you

RE: Experiences w/ Secure Worker Access Consortium (SWAC)?

Companies I worked with that have similar strict file confidentiality rules used secured databases to house all the documents. No uncontrolled files allowed and all staff had to be trained and sign that they would follow the rules.

RE: Experiences w/ Secure Worker Access Consortium (SWAC)?

Seems like a gimmick to me but not sure I'm understanding their website. Does SWAC provide companies a background check on applicants/employees to review and approve, or is SWAC reviewing and approving applicants/employees on behalf of companies? The first possibility seems no different than how background checks are performed now. The second seems silly bc obviously companies have different opinions of risk factors in background checks, and ultimately employers need to fully understand and own that risk bc it may affect their profit, reputation, etc.

Regardless, as a consultant I've done classified design work for govt agencies that required a security clearance. I've also done work for private sector companies that ranged from borderline paranoid to lackadaisical about security. At both ends of the spectrum, the customer dictates security requirements. Both ends use the same commercial tools for PLM, PM, file-sharing, etc; they just restrict access and spy on employees differently. More-secure govt/corps dont allow local copies (your PC) of CAD or prints, requiring you to be onsite to access CAD and other data servers. They severely restrict file/data sharing and dont allow emailing of screenshots/pics or technical details, nvm CAD/print files themselves. You might be able to access email from home via an intentionally slow VPN (limits data theft before discovery) for corporate news, meeting invites, personnel issues, etc but have to be in-office to do anything worthwhile. Its also not uncommon to have restrictions on carrying personal cell phones or other devices onsite.

My suggestion is to simply have honest conversations with the customer about their security requirements including specifics of how, and the cost to implement them. Some are relatively easy if you have a good IT guy - limiting the size of emails (restricts content), speed of VPN, locking down file saving/sharing within individual programs, use of encryption, etc. Some may be cheaper/easier to manage physically rather than electronically - for offsite work it may be cheaper and easier to simply have an employee carry a laptop or thumb drive back-forth rather than electronically transferring data. Designate an internal security-lead and have them setup a monthly security review with internal and external stakeholders. If your lead needs a starting point, I'd recommend they google/YouTube "ITAR Training" or similar for familiarization.

RE: Experiences w/ Secure Worker Access Consortium (SWAC)?

(OP)
Thanks for the response. I'm entering into this type of work for the first time and am grateful for your overview.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Eng-Tips Forums free from inappropriate posts.
The Eng-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Eng-Tips forums is a member-only feature.

Click Here to join Eng-Tips and talk with other members! Already a Member? Login



News


Close Box

Join Eng-Tips® Today!

Join your peers on the Internet's largest technical engineering professional community.
It's easy to join and it's free.

Here's Why Members Love Eng-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close