II.C.13     Control of Information

Action Summary

Management should control and protect access to and transmission of information to avoid loss or damage and do the following:

  • Establish and supervise compliance with policies for storing and handling information, including storing data on mobile devices and cloud services.
  • Define and implement appropriate controls over the electronic transmission of information.
  • Facilitate safe and secure disposal of sensitive information.
  • Secure physical media in transit.


Previous Section
II.C.12 Malware Mitigation
Next Section
II.C.13(a) Storage