S 2.56 Avoidance of confidential information on answering machines

Initiation responsibility: IT Security Management

Implementation responsibility: IT-user

At present, it is not possible to protect answering machines completely against possible misuse. For this reason, the recording of confidential information should be avoided; moreover, in situations typically involving the regular exchange of confidential information, the use of answering machines should be carefully judged. Consequently, outgoing messages should point out the inexpediency of leaving confidential messages on the answering machine.

Additional controls:

• Are persons leaving confidential messages aware of the associated risks?

• Are answering machines installed in areas where confidential information is often exchanged?