S 2.48 Designating authorised fax operators

Initiation responsibility: IT Security Management

Implementation responsibility: Internal Services Division

Authorisation to use a fax machine is to be restricted to a selected group of reliable employees. These employees are to be briefed on the correct usage of the device and the required IT security measures. Every authorised user is to be notified of the other entitled users and the person in-charge of the fax machine. The fax machine should be accompanied by a comprehensive manual.

By restricting the group of fax operators to the minimum number necessary for operation, it is possible to minimise the number of persons who are able to view incoming fax messages.

Additional controls:

• Does the selected number of fax operators restrict operations?

• Is every user notified of the remaining persons authorised to use the fax machine?