Protection of PDF Documents

B

Bilijaf

#1
Hi all,
Thinking about better control of the documentation system, i have converted all procedures into pdf files and published them (password protected) over the internal network of the company for easy access of users. However it is still possible that anyone can copy contents or convert the file into word and alter it.
Can we make additional protection to prevent unauthorized copying or transfer of data to external parties. I am not IT professional so any easy to use method is most welcomed.:bigwave:
Thank you.
 
Elsmar Forum Sponsor

Pancho

wikineer
Super Moderator
#2
Hi all,
Thinking about better control of the documentation system, i have converted all procedures into pdf files and published them (password protected) over the internal network of the company for easy access of users. However it is still possible that anyone can copy contents or convert the file into word and alter it.
Can we make additional protection to prevent unauthorized copying or transfer of data to external parties. I am not IT professional so any easy to use method is most welcomed.:bigwave:
Thank you.
Is your content critical or secret?

Are you concerned about malicious alteration, or stealing of proprietery info?

When you say "anyone", does this mean any of your employees, or folks outside your organization?

Whenever you give read access to someone, you are also giving them copying access unless you set up very special physical controls, such as restricted or monitored libraries and terminals. Few organizations need this.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#3
Pancho is correct.

There is a point where control ends and discipline begins. We are limited in what can be done to prevent what you are describing. One option occurs to me however, and that is making the procedures available as intranet web pages, viewable as HTML on an access-limited, secured server.

But your dilemma makes me wonder why people are making changes to their documents. What is your process for keeping these documents in line with actual practices? Do the people who use these procedures have any say in the final document?

Do the process documents mismatch the actual process, or are they difficult to use? Are the people attempting to perform improper practices? If either of these questions are answered yes, you have a different problem than document control.

I sense that you need to think this problem through more deeply to resolve the "root cause" problem.
 
B

Bilijaf

#4
Hi Pancho,
The content is not critical. I am concerned about both: alteration and info property.
Anyone is meant any employee. Since they have access to read and print out, they could also copy the whole documentation system as soft copies and transfer it to other organizations competitors to us.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#5
Loss of intellectual property is a big, difficult problem. A combination of personnel security - selecting people you believe you can trust - and engineering controls can work together to help prevent loss. Computers where documents are viewed can be set up to not print, simply by not setting up access to printers. If property loss is a valuable enough concern, you might find hiring an IT person to perform this service, even on a temporary basis, is worthwhile. Otherwise you can research and perform these setup alterations yourself.
 
B

Bilijaf

#6
The loss of property can occur at all levels within the organization. if someone would leave the company a day he can take copy of the system with him. The transfer of data could be through sending by E mails or saving on storage devices. To make restrictions in this regard is difficult for those people. Simply i am looking for a way to "lock" the pdf files and restrict any copy, print or save of any of the contents.
The difficult thing is when those people feel that someone is suspicious of them.
 

Pancho

wikineer
Super Moderator
#7
Hi Pancho,
The content is not critical. I am concerned about both: alteration and info property.
Anyone is meant any employee. Since they have access to read and print out, they could also copy the whole documentation system as soft copies and transfer it to other organizations competitors to us.
As Jennifer points out, it is very difficult to prevent theft of ip from a dishonest employee.

We attempt to control this by

1)
restricting access to truly sensitive documents (a very small subset of our documentation.)

2)
Careful hiring, with heavy weighing of references.

3)
Making sure our employees are happy (reviews, surveys, daily interaction)

4)
Ethics and software use policies, confidentiality agreements.


With the above, we also adopted a very trusting and open approach to documentation. Most of our management system documentation is open to all of our employees and not only to read. We have empowered all to make changes they judge necessary. Docs are on a wiki, all version history is kept, and process owners are immediately notified of any changes to their docs. We implemented this 18 months ago. Most folks in our team contribute enthusiastically, our docs improve rapidly and we have had no instances of malicious damage.
 

Jim Wynne

Staff member
Admin
#8
The loss of property can occur at all levels within the organization. if someone would leave the company a day he can take copy of the system with him. The transfer of data could be through sending by E mails or saving on storage devices. To make restrictions in this regard is difficult for those people. Simply i am looking for a way to "lock" the pdf files and restrict any copy, print or save of any of the contents.
The difficult thing is when those people feel that someone is suspicious of them.
Anything that can be displayed on a computer screen can be copied--see the attachment. If there's no screen-grab program available, a digital camera will suffice. As Pancho and Jennifer have pointed out, you can only do so much to foil malicious intent, and at some level you have to trust people.
 

Attachments

S

samsung

#9
Hi all,
Thinking about better control of the documentation system, i have converted all procedures into pdf files and published them (password protected) over the internal network of the company for easy access of users. However it is still possible that anyone can copy contents or convert the file into word and alter it.
Can we make additional protection to prevent unauthorized copying or transfer of data to external parties. I am not IT professional so any easy to use method is most welcomed.:bigwave:
Thank you.
I see many valuable ideas and suggestions given by experts are worth practicing. Nevertheless, should you still need to further secure your documents, please follow through the steps given in the attachment.

(P.S. : Please note that there are few software products which can still crack the password and leave the document open to copying, printing or even editing yet I am sure people will not go to such extent.

Hope this helps.
 

Attachments

Thread starter Similar threads Forum Replies Date
V Setup for testing against ISO14708 clause 16 (protection of the patient from herms caused by heat) Other Medical Device Related Standards 0
J Surge Protectors and other power protection Manufacturing and Related Processes 7
M Data Protection and Privacy Policy - looking for a template/example EU Medical Device Regulations 1
S Battery powered device - electrical protection requirement IEC 60601 - Medical Electrical Equipment Safety Standards Series 18
B IEC 60601 - Creepage Distance - Relay that acts as a means of physical mechanical protection Process Maps, Process Mapping and Turtle Diagrams 0
F General Data Protection Regulation (GDRP) CE Marking (Conformité Européene) / CB Scheme 6
B Operator protection - When to apply table 7, Dielectric strength test voltage IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Defibrillation protection for patient connection except for electrodes IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
M Applicability of Means of Protection, working voltage in an Automated External Defibrillator IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
L IEC 60601-1-11 IP22 Compliance - Ingress protection testing IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
MrTetris GDPR - General Data Protection Regulation - Only applicable to EU data? Other ISO and International Standards and European Regulations 6
M Informational USFDA Final Rule – Human Subject Protection; Acceptance of Data From Clinical Investigations for Medical Devices Medical Device and FDA Regulations and Standards News 0
S Are Defibrillator Protection and Pacemaker pulse detection features mandatory as per IEC 60601-2-25 or 2-27...? IEC 60601 - Medical Electrical Equipment Safety Standards Series 11
S Defibrillator protection test IEC 60601 - Medical Electrical Equipment Safety Standards Series 6
K Is Defib Protection mandatory for wearable ECG? IEC 60601 - Medical Electrical Equipment Safety Standards Series 10
V Software as control or protection will lead to different Software Safety Class? IEC 60601 - Medical Electrical Equipment Safety Standards Series 18
L GDPR scope - "Personal data" definition - General Data Protection Regulation EU Medical Device Regulations 5
S GDPR (General Data Protection Regulation) - My company is ISMS certified IEC 27001 - Information Security Management Systems (ISMS) 3
D IEC 60601 Defibrillation protection test - Metal foil IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
W EU GDPR General Data Protection Regulation - What we need to update for our QMS EU Medical Device Regulations 14
T GDPR - General Data Protection Regulation (EU and UK 2018) Other ISO and International Standards and European Regulations 7
M IEC 60601-1 and Active Current Protection Requirements IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
K Thoughts on the impact of the General Data Protection Regulation? Medical Information Technology, Medical Software and Health Informatics 5
R Internal Audit of Information Security and Data Protection Internal Auditing 6
B Primary lithium battery protection and vented gas IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
P Question on Table 6 "Test voltages for solid insulation forming a MEANS OF PROTECTION IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
K ESD Protection in the Assembly Bay ISO 13485:2016 - Medical Device Quality Management Systems 9
R Determination of IP (International Protection Marking) Rating IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
U USB Connector Operator Protection (MOPP) IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
A IEC 60601-1 cl.15.4.2.1 - Tubular Heating Element (Protection against Overheating) IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
F How to provide 2 MOPP (Means of Patient Protection) - Heating Rod IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
F MOP (Means Of Protection) - Creepage and Clearance questions IEC 60601 - Medical Electrical Equipment Safety Standards Series 19
F Evaluation of MOP (Means of Protection) IEC 60601 - Medical Electrical Equipment Safety Standards Series 8
L Intellectual Property Protection - Storage, Access, Distribution, etc ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
B Use of Y1 capacitors for MOPP (means of patient protection) IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
R Security Standard referred to as TAPA (Transported Asset Protection Association) Other ISO and International Standards and European Regulations 1
J Data Protection - Documents on Desktops ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
S 510(K) Ownership and Protection from Use by Others 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
S How to implement protection for multi-winding transformer? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
W Medical Device Single fault test-protection against fire IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
P IEC 60601-1-11 - Medical Electrical Equipment IP (Ingress Protection) Requirements IEC 60601 - Medical Electrical Equipment Safety Standards Series 12
R Protection of Records from Unauthorized Access or Alteration Records and Data - Quality, Legal and Other Evidence 4
L ESD Protection and Danger for Operators Manufacturing and Related Processes 3
E Data Protection Compliance Plan example wanted Misc. Quality Assurance and Business Systems Related Topics 6
M Can I continue using IEC60601-1 Ed2 PSU for MOOP (Means Of Operator Protection) IEC 60601 - Medical Electrical Equipment Safety Standards Series 7
M What is "protection" as in section 7.5.5 "Preservation of product" ? IATF 16949 - Automotive Quality Systems Standard 7
K Employee ESD Protection Methodologies - Need input. Training - Internal, External, Online and Distance Learning 8
G Placing a dollar value on our QMS (we are looking at IP protection) Quality Manager and Management Related Issues 3
kedarg6500 Protection of Data in Calibration Software & ISO 9001 Calibration and Metrology Software and Hardware 4
R Is reversed charging protection necessary for Rechargeable Batteries IEC 60601 - Medical Electrical Equipment Safety Standards Series 13

Similar threads

Top Bottom