Shipment of confidential/highly confidential information

Posted by

I’m working on a project to identify shipping protocols for shipping of confidential or highly confidential (or restricted) information. This could be paper or via electronic (i.e. discs). It goes without saying that anything electronic should be encrypted. I’m more interested in finding out if there is anyone that has giving their employees instruction or guidelines on how to send this type of information especially if they are using a service like UPS/FedEx. Thanks in advance!

—————————–——
Meg Duncan Consulting
—————————-——-


Sorry for the dumb question, however, if the information is truly classified or highly confidential, shouldn’t it be shipped via an armored carrier like Loomis or some such? And wouldn’t they have their own default protocols?


Its not a dumb question. That could very well be the instruction to use the services of ABC armor cars and use their protocols. Which is what I’m looking for. Do you tell your employees that when shipping items of a highly confidential or confidential material to take particular steps to protect the information. Or do you leave it up to them?

I’ve used encrypted external hard drives (multi terabyte) to ship/transport digital files for government contract transitions. These are commercially available drives utilizing physical removable encryption keys. The source maintains one key, the destination maintains the other in a secure controlled manner. The drives can be transported via carrier without the keys. The physical encryption keys never leave the secure facilities

. ——————————
Blanchard Machinery
——————————


Hi,

Thanks, that’s a good idea? Question though is this a company policy/procedure or is it something you and a few others do? Meg

—————————–——
Meg Duncan Consulting
—————————–——


The underlying corporate governance policy required PII to be encrypted/secured during transport outside of our facilities (previous employer, I’m not at liberty to post or share any detailed policies or procedures), the group I was working with developed the hard drive solution due to the volume of data we were working with; SFTP/NDM wasn’t an option. As part of our project oversight/due diligence we reviewed the hard drive encryption specs and physical key handling procedures with corporate data security to be sure we were indeed in compliance with our internal and contractual policies. I believe we physically destroyed the drives and keys once the transition project was over.

——————————-
Blanchard Machinery
——————————-


Thanks! That is helpful.

—————————–——-
Meg Duncan Consulting
—————————–——-

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.