Securely Digitizing Files for Upload to HRS
Overview
In order to upload various paper documents into HRS, each campus must maintain a solution to digitize these documents. The campus solution for document digitization must adhere to all institutional and UW System policies. Any documents containing Personally Identifiable Information (PII) should be treated as moderate or high risk, depending on the specific information included. More information on how to classify data can be found in UW System Administrative Procedure 1031.A.
UW System Administrative Procedure 1031.B describes the data protections that should be applied to any system that houses or processes moderate or high risk data. Here, we describe the data protections that any system used to digitize documents for storage within HRS must meet to adhere to UW System Administrative Policy 1031 and its associated procedures.
Any system used to store the digitized documents must allow authentication by authorized users only and must be protected by multi-factor authentication. Any storage media containing digitized documents must be encrypted (this includes any backup media). Any system transmission must be encrypted (note: transmission to HRS is already encrypted for you).
Digitized documents must not be stored on a scanner or other application for longer than necessary on a local workstation.
Digitizing devices (Scanners) and connected hardware must be connected to the campus network and cannot be accessed on an unsecured network. It is assumed that the campus network is compliant with all UW System Administrative policies.
Workstations and Mobile Devices:
Workstations must use password protection and an inactivity timeout of no more than 30 minutes. Personal devices should not be used.
Data must be masked from casual view to prevent unauthorized access. The system must be locked or logged out when unattended. Any document storage must be in a secured location, including physical copies.
Workstations must run an up-to-date antivirus product, such as Cisco AMP, on a regular basis. Operating systems and drivers must be updated regularly.
Media Sanitization and Disposal:
Storage media must be securely destroyed or disposed of through a bonded disposal service.
Potential Technical Controls for Workstations uploading HRS data
Each campus may implement its own specific solution to meet the UW System Administration Policies for digitizing documents for upload to HRS.
Below, we have detailed one potential approach to meeting these requirements.
Proposed Technical Controls for Workstations uploading HRS data:
- Example: BitLocker or VeraCrypt
- For Duo usage see: https://duo.com/docs/rdp
- Other Multi-Factor is acceptable.
- Scanner must not store documents
- Must have no network connections
- Wireless, if equipped, must be disabled on the device.
- Ethernet Lock: such as Panduit Lock-In Device
Workstations and Mobile Devices
- If the system is backed up, the backup must be encrypted.
- Secure area – No publicly accessible space
- If the device is in a public area, the screen should not be casually viewable.
- Privacy Filter: such as Privacy Filter for Diagonal Standard Monitors
- System Lock: such as Kensington
- Drives should be disposed of by DoD 5220.22-M wipe or physical destruction.
Additional Recommended Best Practices
1. Regular removal of sensitive documents
- Example: End of Day, End of Week sensitive files should be deleted from the system, including the recycling bin.
2. Internet access should be limited; the system should connect only to HRS
3. System should not connect to file shares/servers
4. Scanner USB cable should be locked to the desktop USB port. All other unneeded ports should be disabled
- Mouse, keyboard and scanner should be the only allowed items. All other ports should be locked or plugged.
- USB Port Lock: such as Kensington USB Port Lock
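A read-only audit of a Windows scanning workstation against the controls above (BitLocker encryption, the 30-minute inactivity limit, disabled wireless, and regular removal of scans including the Recycle Bin). This is an added example, not UW System code; the scan folder `C:\Scans`, the 24-hour age limit for "end of day", and enforcement of the timeout through the machine inactivity limit policy are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: reports findings only, changes nothing on the workstation.
$MaxIdleSeconds = 30 * 60                  # page: inactivity timeout of no more than 30 minutes
$ScanFolder     = 'C:\Scans'               # hypothetical scan output folder; set to your own
$MaxFileAge     = New-TimeSpan -Hours 24   # assumption: stands in for "end of day" removal
$findings = [System.Collections.Generic.List[string]]::new()

# Storage encryption: every volume BitLocker reports should have protection on.
foreach ($vol in Get-BitLockerVolume) {
    if ($vol.ProtectionStatus -ne 'On') {
        $findings.Add("Volume $($vol.MountPoint): BitLocker protection is $($vol.ProtectionStatus)")
    }
}

# Inactivity timeout: "Interactive logon: Machine inactivity limit" policy value.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$idle = (Get-ItemProperty -Path $key -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue).InactivityTimeoutSecs
if (-not $idle) {
    $findings.Add('Machine inactivity limit is not set')
} elseif ($idle -gt $MaxIdleSeconds) {
    $findings.Add("Machine inactivity limit is $idle s; maximum allowed is $MaxIdleSeconds s")
}

# Wireless: any 802.11 adapter that is not disabled is a finding.
Get-NetAdapter -Physical |
    Where-Object { $_.PhysicalMediaType -like '*802.11*' -and $_.Status -ne 'Disabled' } |
    ForEach-Object { $findings.Add("Wireless adapter '$($_.Name)' is not disabled") }

# Leftover scans: files that outlived the removal window.
if (Test-Path -Path $ScanFolder) {
    $cutoff = (Get-Date) - $MaxFileAge
    Get-ChildItem -Path $ScanFolder -File -Recurse |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        ForEach-Object { $findings.Add("Scan older than 24 h still on disk: $($_.FullName)") }
}

# Recycle Bin of the account running the audit (shell namespace 0xA).
$binCount = (New-Object -ComObject Shell.Application).NameSpace(0xA).Items().Count
if ($binCount -gt 0) { $findings.Add("Recycle Bin of the current user holds $binCount item(s)") }

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'No findings: checked encryption, idle lock, wireless, leftover scans, Recycle Bin'
```

The Recycle Bin check covers only the account running the script, so run it as the user who performs the scanning, from an elevated session.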