> I believe that multi-functional copiers (combined photo-copier and scanner,
> linked to e-mail and fax functionality) may create business and records
> management risks.
Your belief is confirmed =) But to add to the problem, it isn't
limited to multi-function devices. Almost all office copiers that
allow you to "program" jobs or that have a "bypass" or "hold" function
that allows others to break in line and make a copy have many of these
same features. They store images of the set of originals and then make
the copies from those images, and if you go through the "jobs list" you
can recall your job and then make copies of it again without
re-inserting the originals.
> For example: Ability to send images of paper documents, to multiple
> (internal and external) e-mail addresses and faxes, directly from the
> scanner or copier (with very little audit trail, except about date & time
> sent). Open access, and proximity to insecure filing cabinets, increase
> risk of intruders copying and sending your confidential stuff to external
> addresses. Ability to add and send a 'cover note' (which might contain
> additional business information) to an e-fax or e-mail, without retaining a
> copy. Free access to the entire company e-mail address, fax & phone book,
> via the copier memory. As per computers, images of confidential documents
> retained on the hard disk memory; retrievable even after 'deletion'.
All of the above are true, and the greatest risk is the saving of
images of the documents copied and/or transmitted.
In classified environments where I work, machines with these types of
functions are NOT ALLOWED. Prior to purchasing a facsimile machine,
copier, or any multi-function device, the specifications and manual
must be reviewed to ensure any of these features can be completely
disabled and NOT re-enabled by the users.
> There may be other risks I haven't discovered yet? Controls, for example
> restricting access via user pin number; and implementing good RM & business
> house rules. Has anyone else any experience or advice to share?
All of that said, you DO have some controls over the process, like
instituting passwords or having "user cards" and a card reader that
only allow the user to access jobs they have run, or you can institute
a "no save" function which clears the memory on completion of the job,
but the password and card reader functions come at a higher price.
Larry Medina