Document No: TBD Rev. 2
Title: Electronic Information Segregation Procedure

Revision History

| Date of Revision | Description of Change | Originator |
|---|---|---|
| 12/09/2007 | Release | G. Tarnopolsky |
| 03/03/2008 | Edit Email procedure. Delete prior paragraph 7.2 requiring the MS Outlook file password to be set. | G. Tarnopolsky |

Reference Documents

| Document Number | Document Title |
|---|---|

The contents of this document are PROPRIETARY to Western Digital Technologies and WD Media, and are not to be disclosed to others or used for purposes other than intended without written approval of Western Digital

Page 1 of 22

Table of Contents

1. Purpose
2. Environmental, Health, and Safety
3. Digital Data Storage Segregation Framework
4. Types of digital information systems
5. Applications and Applications’ data segregation
6. File Server data (K-Drive) and File Server data segregation
7. E-mail procedure
8. Local Storage
9. General Policies

1. Purpose

Digital information at the WD Media sites may include customer-related confidential information.
WD respects the confidences and intellectual property rights of others, and will safeguard any confidential information that may relate to its customers. Therefore, certain digital information will be segregated and restricted in access. The purposes of this procedure are:

1.1. To segregate certain digital information.

1.2. To grant access to certain digital information only to authorized users.

1.3. To achieve consistent outcomes in the segregation of digital information.

1.4. To exert customary and reasonable efforts in safeguarding a reservoir of information that may contain some information of others.

The digital information in existence at WD Media exhibits a broad spectrum of digital access rights’ management and access means, namely, access restricted by log-on authentication protocols, information created by applications with built-in user authentication processes or by applications lacking such features, unrestricted access, information accessible by commercial software, etc.

In all cases, the assignment of information to one or another class of segregated information will be carried out by the information “owners”. The actual process of information segregation will also be carried out by the information “owners”, unless the WD Media IT department implements centralized segregation for certain applications.

The term "customer confidential information" is being used in this communication broadly to identify the topic of discussion, not as any admission that any information referred to herein constitutes in fact the confidential information of a customer. For example, a class of information may be identified herein as 'customer confidential information' for convenience (e.g. to guide how such class of information is later handled or processed), even though it is not presently known whether the class contains, in fact, any confidential information of a customer, and even though the class may already be known to contain mostly WD confidential information that is not the confidential information of a customer.

2. Environmental, Health, and Safety

Follow standard WD safety practices at all times.

3. Digital Data Storage Segregation Framework

The discussion in this Section refers to WD Media (formerly, Komag) nomenclature that may be in-house and specific. No attempt is made to define technical IT terms, an effort beyond the scope of this document and not conducive to accomplishing the Purpose.

3.1. “Customer Confidential Information”, or “CCI”, is information designated/marked confidential by a media/substrate customer when the media/substrate customer provided the information. The designation of information as CCI is governed by the contractual relationship between the media/substrate customer and WD Media (formerly, Komag).

3.2. The safeguarding of digital information will be accomplished by granting to employees various levels of digital rights to access the information. Employees’ rights to access will be managed by log-on credentials to domains and to applications.

3.3. The rights of employees to access information will be granted by WD Management.

3.4. “Red Zone” is a term used to refer to digital information which may contain CCI in addition to non-confidential information and/or WD confidential information.
Because that information resides in multiple servers, and because certain specific information may be accessible only by a particular application, the Red Zone exists as distributed storage.

3.5. “Group A” is an application-specific group of employees. For every application, employees with access rights to the Red Zone of that application are “Group A” users of the application. A member of Group A may have access to a certain subset of Red Zone information of the application, not necessarily to all Red Zone information of the application or the Red Zone information of other applications.

3.6. “Green Zone” is a term used to refer to digital information which may contain non-confidential information and/or WD confidential information but does not contain CCI. Because that information resides in multiple servers, and because certain specific information may be accessible only by a particular application, the Green Zone exists as distributed storage.

3.7. “Group B” is an application-specific group of employees. For every application, employees with access rights to the Green Zone of that application are “Group B” users of the application. A member of Group B may have access to a certain subset of Green Zone information of the application, not necessarily to all Green Zone information of the application.

3.8. By the management of digital access rights, an employee may belong to Group A of one application and to Group B of a different application. By the same means, different employees belonging to Group A (Group B) of an application may have different rights of access to various subsets of the Red Zone (Green Zone) of the application.

3.9. “Yellow Zone” is a repository of digital information which at all times has the same access restrictions as the Red Zone. The Yellow Zone contains information that is being safeguarded pending its classification into either Red or Green.

3.10. “Flow Chart” is the “Process for Evaluating WD Media and Customer Info for Segregation and Restricted Access (for application to electronic and paper documents and data)” appearing in Appendix I.

3.11. “Look-Up Table” is the list appearing in Appendix J.

4. Types of digital information systems

For the purposes of this procedure, WD digital information is categorized into one of the following four categories. The categories differ from each other, among other features, with respect to the technology of authentication protocols applied to limit access to the data.

4.1. Databases and the software packages required to run the corresponding applications (“Applications”).

4.2. File server data (“K-Drive”).

4.3. Information in email files.

4.4. Information in the local storage devices of desktop computers and laptops.

5. Applications and Applications’ data segregation

WD Media uses multiple Applications that access specific bodies of information. The Applications relevant to the data segregation processes are listed in Appendices A and B.

5.1. The information accessed by and contained in the Applications will be classified into two categories:

5.1.1. Applications which do not contain customer confidential information.

5.1.2. Applications which may contain customer confidential information (along with non-confidential information and WD confidential information).

5.2. The “owners” of the information will determine whether the information belongs in the Red Zone (application specific) or in the Green Zone (application specific) by applying the Flow Chart criteria. However, for the Lotus Domino Application, IT will provide users with a search script for users to scan all documents in the database and flag those that contain certain keywords.

5.3. Management may grant to users diverse levels of access to the Applications and data, according to business needs. In other words, for each Application a user may have Group A and Group B credentials determined by Management and different from those of other users of the Application.

5.4. Some Applications whose authentication protocols lack the specificity required to selectively grant access rights will be physically segregated. For these Applications and their associated data, the “Red” and “Green” Zones will reside in physically separate hardware and domains. Examples: On-line SPC, Test Database (running under SQL Server).

5.4.1. IRISAOI and Test DB.

5.4.1.1. The existing IRISAOI and Test DB applications containing both data on disks for WD & disks not for WD HDD products will remain in the “Komag” Domain. Access to these applications residing in the “Komag” Domain will be granted only to Media Operations (MO) users. (Appendix C (a).)

5.4.1.2. A new server holding the IRISAOI and Test DB, and containing copies only of data pertaining to WD disks, will be created in the WD domain. Any users outside of WD MO who require access will be given access rights to the applications residing in the WD domain, Appendix C.

5.4.2. Online SPC.

5.4.2.1. The existing Online SPC application containing only data on disks not for WD HDD products will remain in the “Komag” Domain. Access to these applications residing in the “Komag” Domain will be granted only to Media Operations (MO) users. (Appendix C (b).)

5.4.2.2. A new server holding the Online SPC and containing copies only of data pertaining to WD disks will be created in the WD domain. Any users outside of WD MO who require access will be given access rights to the applications residing in the WD domain, Appendix C.

5.4.3. Other applications. The physical segregation of other servers and applications into physically separate hardware and domains shall be similarly accomplished.

5.5. Some Applications have built-in authentication protocols, whereby a user with appropriate credentials may access subsets of the information in the database, and not other subsets. The granting of selective access rights may be accomplished as stated below:

5.5.1. Without the need to physically segregate the database itself. Example: SAP, Appendix D; or,

5.5.2. With the need to segregate the database itself. Example: Web ECN under Lotus Domino, Appendix E.

5.6. WD Media IT will implement the hardware and software required to accomplish the data segregation and access restrictions embodied in Sections 5.4 and 5.5.

6. File Server data (K-Drive) and File Server data segregation

The high-level folders in the so-called K-Drive are either Departments or Public Shares. There are Public Shares ASIA and Public Shares US. The structure of the file server data (K-Drive) appears in Appendix F.

6.1. “Departments” folder (or similar functionality, with a site-dependent naming convention).
This folder holds subfolders, each belonging to a Department. The access to the subfolders is restricted to authorized users according to their logon profile.

6.2. “Public Shares” (K-ASIA, KUS). Read access to this information is widely available to WD Media staff. The Public Shares include “Public Department Shares”, not to be confused with the “Departments” of Section 6.1.

6.3. The information contained in the K-Drive will be segregated into a Red Zone and a Green Zone.

6.3.1. K-Drive Red Zone. The existing K-Drive (historically, the Komag K-Drive) will be classified as a Red Zone and will remain in the “Komag” Domain.

6.3.2. M-Drive Green Zone. A new M-Drive will be created and classified as Green Zone and it will reside in the WD Domain.

6.3.3. Information safeguarding is enhanced since an employee accessing the M-Drive Green Zone in the WD Domain cannot access information in the “Komag” Domain unless that person is granted access rights into the “Komag” Domain. (This is accomplished, in part, because the WD Domain “trusts” [in the IT sense of the verb “trust”] the “Komag” domain; however the relationship is not reciprocal.)

6.4. Management will identify K-Drive-specific Group A employees.

6.5. Segregation of Departments (or similar functionality, with site-specific naming conventions).

6.5.1. Certain Departments will be transferred to and exist only in the Green Zone. For instance, Administration, Facilities, Human Resources, Information Services are Green-Zone-only Departments. (The complete list of Green-Zone-only Departments will be established in consultation with Management.)

6.5.2. Departments that may contain CCI will be segregated into Red and Green Zones. For instance, Equipment Engineering, Failure Analysis, Finance, Materials, NPI, R&D, and Sales and Marketing will be segregated into Red and Green Zones. See Appendix G.

6.5.3. The “owners” of the information will determine whether the information belongs in the Red Zone or in the Green Zone by applying the Flow Chart criteria.

6.5.4. The information owners will carry out the actual segregation of the information into Red and Green Zones.

6.6. Segregation of Public Shares

6.6.1. Certain general folders will be transferred to and exist only in the Green Zone. For instance, Ergonomics, FORMS, MSDS, Patent, Safety Health Committee, etc., are Green-Zone-only Departments. (The complete list of Green-Zone-only Departments will be established in consultation with Management.)

6.6.2. Other folders which may contain CCI will be segregated into Red and Green Zones. For instance, Public Department Shares will be segregated into Red and Green Zones. See Appendix H.

6.6.3. The “owners” of the information will determine whether the information belongs in the Red Zone or in the Green Zone by applying the Flow Chart criteria.

6.6.4. The information owners will carry out the actual segregation of the information into Red and Green Zones.

6.7. WD Media IT will implement the hardware and software required to accomplish the data segregation and access restrictions embodied in Sections 6.3 through 6.6.

7. E-mail procedure

E-mail files may be protected by two layers of restricted access: (i) the employee password-protected logon into the WD domain; and, (ii) the Personal Folder password, which may be set as an option in MS Outlook. The logon password is enforced by IT. The Personal Folder Outlook password is a software option which may be implemented by users.

7.1. Users will port their Personal Folders to the instance of Outlook running in the WD domain.

7.2. Messages that contain any customer references and were received or created before September 6, 2007, may not be “Forward”-ed.

8. Local Storage

8.1. The information in the local storage devices of desktop computers and laptops (e.g., hard drives, CD-ROMs, flash drives) is under the personal control of the users to whom the devices are assigned.

8.2. Users of local storage devices will exert customary and reasonable efforts in safeguarding the information therein contained as required by company policies.

9. General Policies

9.1. Users will be instructed to log off or lock out their workstations when leaving them unattended for any extended period of time.

9.2. Employees will participate in training concerning digital information security. Employees will be reminded of the corporate policies regarding sensitive information and will be required to strictly apply the policies.

Document No: TBD
Title: Pre-Release Draft Electronic Segregation Procedure

APPENDIX A. List of applications subject to segregation into Red and Green Zones

APPENDIX B. List of Applications restricted to Red Zones

APPENDIX C (a): PHYSICAL SEGREGATION OF IRISAOI AND TEST DATABASES, AND DATA FLOW THEREOF

[Figure. Labels: Test DB and IRISAOIDB server and web server before physical segregation; PHYSICAL SEGREGATION; Red Zone Domain; WD Domain (Green); New hardware; Database server 1 and web server 1 (Customer data and possibly WD data); Database server 2 and web server 2 (WD data – NO customer data); ALL data; WD disks data; INCOMING DATA RECEIVED BY THE SERVER]

Segregation of information for the IRISAOI & Test DB’s. Group A users will access one instance of the application holding all the IRISAOI & Test DB data in one server and database, and Group B users another instance of the application running in a different server and accessing its own database with data on WD disks only.

APPENDIX C (b): PHYSICAL SEGREGATION OF THE ONLINE SPC DATABASE, AND DATA FLOW THEREOF

[Figure. Labels: Online SPC database server and web server before physical segregation; PHYSICAL SEGREGATION; Red Zone Domain; WD Domain (Green); New hardware; Database server 1 and web server 1 (Customer data and WD data); Database server 2 and web server 2 (WD data – NO customer data); Data on disks not for WD HDD products; Data on disks for WD HDD products]

Segregation of information for the Online SPC database.
Group A users will access the OLSPC DB with data on disks not for WD HDD products in one server and database, and Group B users will access the OLSPC DB with only data on disks for WD HDD products running in a different server and accessing its own database.

[Figure label: INCOMING DATA RECEIVED BY THE SERVER]

APPENDIX D: FULLY ACCESS-DRIVEN SEGREGATION OF SAP

[Figure. Labels: “Red” SAP Data; Users; Users; SAP DB; “Green” SAP Data; SAP for Red & Green Zone]

Segregation of information for SAP is accomplished completely by access credentials. Different users may access selected parts of the database assigned for their access, and not other parts.

APPENDIX E: ACCESS-DRIVEN SEGREGATION OF DATA

[Figure. Labels: Grp A Users; Grp B Users; ACL, Restricted Users; Domain; Application NSF, “Red” Domino Database; ACL, All Users; Application NSF, “Green” Domino Database]

Segregation of information for certain Applications with built-in authentication protocols. Group A users will access one database of the application, and Group B users a different database of the application running in the same server. The access to the information is managed by means of the Access Control Lists specific to each database.

APPENDIX F: DATA STRUCTURE IN THE FILE SERVERS (K-DRIVE)

APPENDIX G: “DEPARTMENTS” SEGREGATION

Departments Yellow and Red Zones reside in the existing Komag domain, and only authorized users within the Komag domain can access them. The Green Zone will be set up in the WD domain.

APPENDIX H: PUBLIC SHARES SEGREGATION

Public Shares in the Yellow and Red Zones reside in the existing Komag domain, and only authorized users within the Komag domain can access them. The Green Zone will be set up in the WD domain. Many folders will exist only in the Green Zone.

APPENDIX I. FLOW CHART FOR SEGREGATION OF DIGITAL INFORMATION

Process for Evaluating Komag and Customer Info for Segregation and Restricted Access (for application to electronic and paper documents and data)

[Flow chart. The box labels are listed in the order they appear; the Yes/No connections between boxes are not reproduced.]

Start

Region labels: Non-“Confidential Information”; Potential “Confidential Information”

Decision boxes (Yes/No):

Publicly available info?

Contains info related to substrate or media customer?

Needed for these customer programs?

* HGST Kurofune 2
* HGST Vancouver 4
* HGST Vancouver 5
* Samsung NM40
* Seagate Galaxy
* Seagate Nighthawk
* Seagate Substrates
* Showa Substrates

Does info fall into info categories in Look-up Table?

Is customer program complete?

Independently Created by Komag?

Outcome boxes:

No segregation or restricted access. Green Zone

Segregate – Archive. Red Zone.

Continue to apply WD policies for handling confidential information. Green Zone.

Segregate – Restrict access and use for customer’s benefit during transition

If there is doubt as to any of the above decisions, bring the issue to the attention of your manager.

APPENDIX J LOOK-UP TABLE OF INFORMATION CATEGORIES

Notes

(1) The information categories in this list may include customer confidential information, company confidential information, and non-confidential information.

(2) This list is intended to be used in conjunction with the flow chart entitled “Process for Evaluating Komag and Customer Info for Segregation and Restricted Access”.
| Category | Information |
|---|---|
| Business | Customer’s forecast volumes |
| Business | Customer business data: Organization charts; Production schedules; Agreements with confidential clause about the agreement itself |
| Business | Loading Plan information |
| Business | Selling price per customer |
| Tech | All customer-provided specifications; All customer-provided technology roadmaps; Orders & ECN’s; Mechanical specifications; Magnetic specifications; Manufacturing processes; Test parameters specifications; Test processes (“recipes”) specifications |
| Tech | Computer codes: Printed/equivalent (CD’s) listings of Customer test code; Customer data analysis software; Customer macros and/or firmware |
| Tech | Data package sent with shipped product |
| Tech | Data related to customers’ specifications & shipped product |
| QA | Analysis/Evaluation Results; Failure Analysis Requests; Includes customer field reports; Test data on Komag media generated by customer; Failure Analysis Results; Yield performance report; Data reporting formats provided by customer |
| Tech | Product Audit Buy Off Records |
| Tech | Source Inspection records |
| Tech | SPC data of products manufactured for customers |
| Tech | Specifications of hardware (for instance, heads) provided by customers for testing purposes |
| Tech/Business | Customers’ programs code names |
| Tech/Business | Notebooks containing records of customer phone calls, customer meetings, customer discussions. |