Data Categorization 2019

Scherzer International’s Data Encryption Policy requires encryption to protect any data containing sensitive/proprietary data.

The following standards shall be used:

Data at rest (the device not powered-on)

  • Data at rest should be protected by one of the following
    • Encryption, and/or
    • Strict access controls that authenticate the identity of those individuals accessing the Microsoft Windows best practices suggestions.
  • The use of password protection instead of encryption is not an acceptable alternative to protecting sensitive/confidential information.
  • Systems that store or transmit personal information must have proper security protection, such as antivirus software, with unneeded services or ports turned off and subject to needed applications being properly configured.

Removable media

  • As a general practice SI doesn’t use removable media, but should the need arise Removable Media such as backup tapes that contain sensitive/proprietary data must be encrypted and stored in a secure, locked location. Removable media is only to be used in the event of an emergency and not part of standard operating procedures.
  • Removable Media including, but not limited to USB thumb drives, removable hard drives, CD-ROMs, DVDs, and other media are NOT to be used in transporting information containing PII.
  • In the event a client requests sensitive/confidential information for their search subjects, the receiver of the Removable Media must be identified to ensure the person requesting the data is the one claimed.


  • All the fields in a database that contain sensitive/proprietary data must be encrypted to 256-bit encryption
  • Databases under NO circumstances are to be transported via a laptop or removable devices such as a removable hard drive, optical drive or other media

Transmission Security (Data leaving the SI network)

  • All email and/or data with sensitive/proprietary data transmitted outside the Scherzer International network must be encrypted and/or truncated (e.g. social security numbers being only identified by the last four digits).
  • Any sensitive/proprietary data transmitted through a public network (e.g., Internet) to and from vendors, customers, or entities doing business with Scherzer International must be encrypted or be transmitted through an encrypted tunnel or https with 256-bit SSL encryption. Sensitive/proprietary data must be transmitted through a tunnel encrypted with the [COMPANY NAME] VPN with point-to-point tunneling protocol (PPTP) •Transmitting sensitive/confidential information through the use of personal web email programs or services accounts are not allowed. •Using chat programs or online peer-to-peer file sharing programs are not allowed.
  • Wireless (WIFI) transmissions must be encrypted using WPA2 Enterprise encryption.

Portable Devices

  • Sensitive/proprietary must not be stored on portable devices including but not limited to laptops, smartphones iPhone, Android or Blackberries), digital audio players (iPods), removable hard drives, USB thumb drives and the like.