You can take various measures to ensure the security of document storage:
- Restriction and regular review of persons with access rights
- Personalised access with specifications for secure passwords and activation of multi-factor authentication
- Encryption of data on the server
- Logging of access to the server and data
- Disabling download options and write permissions

These are just a few examples of how data protection can be strengthened. Configuring these settings and achieving comprehensive protection generally requires the support of a specialised IT department. The basic rule is: the more critical the personal data, the more extensive and tighter the protective measures should be.

Task
Add the following to your list:
- Where are the individual documents stored and who has access to them?
- How is access to these documents technically implemented? Who manages the access rights? What do the access rights look like in detail?
- Finally, assess whether the measures implemented are appropriate for the level of protection the documents require.

If you are unable to answer some of these questions, seek support from a specialist department in your organisation.

The document contains the following columns:
- Column 1: Document (e.g. contact list of the project team, project manual, final report, etc.)
- Column 2: Personal data contained (e.g. name, e-mail address, etc.)
- Column 3: Risk classification (low, limited or high)
- Column 4: Storage location (e.g. online storage, local hard drive, filing cabinet, etc.)
- Column 5: Who has access? (e.g. project partners, internal departments, external persons, etc.)
- Column 6: Access regulations (e.g. password protection, personalised login, etc.)
- Column 7: Final assessment (Are the measures appropriate with regard to the risk categorisation?)