Experiences w/ Secure Worker Access Consortium (SWAC)?
(OP)
Does anyone have any experiences/tips for running a successful operation w/ Secure Worker Access Consortium (SWAC) and data confidentiality requirements?
I work for a steel company, which is going to have to set up secure document processes/procedures in a remote setting. Meaning, we will be coordinating shop-drawings & fabricating the steel here and then shipping it hundreds of miles to NYC, all under VERY strict constraints.
I'm mostly looking for general tips on potential pitfalls or situations that could cause my organization to fail a future audit of our document control system, which would be unacceptably damaging to the company's reputation.
What security measures for file access are appropriate for the file sharing? Do we set up a single off-network PC w/ protected flash drives only? Things like that are what I'm after.
Sorry for being very general, I can't share much.
RE: Experiences w/ Secure Worker Access Consortium (SWAC)?
Regardless, as a consultant I've done classified design work for govt agencies that required a security clearance. I've also done work for private sector companies that ranged from borderline paranoid to lackadaisical about security. At both ends of the spectrum, the customer dictates security requirements. Both ends use the same commercial tools for PLM, PM, file-sharing, etc.; they just restrict access and spy on employees differently. More-secure govt/corps don't allow local copies (your PC) of CAD or prints, requiring you to be onsite to access CAD and other data servers. They severely restrict file/data sharing and don't allow emailing of screenshots/pics or technical details, nvm CAD/print files themselves. You might be able to access email from home via an intentionally slow VPN (limits data theft before discovery) for corporate news, meeting invites, personnel issues, etc., but have to be in-office to do anything worthwhile. It's also not uncommon to have restrictions on carrying personal cell phones or other devices onsite.
My suggestion is to simply have honest conversations with the customer about their security requirements including specifics of how, and the cost to implement them. Some are relatively easy if you have a good IT guy - limiting the size of emails (restricts content), speed of VPN, locking down file saving/sharing within individual programs, use of encryption, etc. Some may be cheaper/easier to manage physically rather than electronically - for offsite work it may be cheaper and easier to simply have an employee carry a laptop or thumb drive back and forth rather than electronically transferring data. Designate an internal security-lead and have them set up a monthly security review with internal and external stakeholders. If your lead needs a starting point, I'd recommend they google/YouTube "ITAR Training" or similar for familiarization.