S 2.42 Determination of potential communications partners

Initiation responsibility: Head of IT Section, IT Security Management, Data privacy officer

Implementation responsibility: IT Security Management

If information is to be transferred to a communications partner, it must be ensured that the recipient has the authorisation required for processing this information. If information is exchanged between several communicating points, all participants should be able to identify who received or will receive the information. To meet the above-mentioned criteria, specifications must be made as to which communication partners may receive what information.

In accordance with the Federal Data Protection Act (BDSG), Appendix to § 9, Section 1 (Transfer Control), a list of persons authorised to receive information - particularly personal data - via the exchange of data media should be prepared.

Additional controls:

• Do specifications for communication relations exist?

• Are the above-mentioned lists updated regularly?