At SecCompany, the manager in charge of information protection makes use of all possible channels to communicate labeling requirements. However, some employees do not understand the requirements. Other employees forget about the requirements or ignore them. Even when labels are properly applied, the information is not always properly handled, stored, and distributed. For example, reports indicate that registered information is sometimes found unattended. Copies of registered information have been left next to copy machines and printers, in break rooms, and in lobbies.
The legal department wants a better way to ensure that information is properly labeled without relying totally on employee compliance. The system administrators want a better way to control the following:
Who can view sensitive information
Who can modify sensitive information
Which information is printed on which printers
How printer output is handled
How email at various levels of security is distributed internally and externally