Management Database Integrity Protection - The SecureDoc database backups must be transported and stored securely
While SecureDoc performs an invaluable service ensuring that data is protected by encryption, and that user access to SecureDoc-protected devices is locked down and governed by permitting only specific users to authenticate at Pre-Boot, there are other risks that any security-conscious organization should be aware of and include in its overall security design.
The SecureDoc database backups must be transported and stored securely
The SecureDoc Database should be regularly backed up (a daily backup is recommended, ideally at a point in the day when the data will be more or less quiescent).
Database backups must be stored (on-site or off-site) with the same considerations of access security, integrity, damage protection and tamper protection that the SecureDoc data itself merits. Because the database defines who can access encrypted devices, it must be assumed to be among the most sensitive information in the organization and treated with correspondingly stringent security.
To this end, where stored offsite, the backups should be protected against access by unauthorized individuals, fire, flood, excess humidity or other physical damage, strong electromagnetic fields (if stored in electromagnetic form such as on tape or removable disk drive), etc.
Where such media are stored in a carry box, the box should be protected with a tamper seal, and the seal should be checked for integrity when the carry box is returned so that the media can be restored from (or recycled/re-used). Any evidence of tampering or of missing media must be reported immediately to management and security, and must be logged.
Appropriate processes should be used to provide absolute certainty as to which media will be required to restore the SES database to a given point in time. These should include written procedures, checklists, and signed backup logs that track when backups are taken, which media were used, when media were taken offsite, when they were returned from offsite storage, who sent them, who received them, etc.
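The signed backup log and the tamper check described above can be backed by a cryptographic integrity record as well as a physical seal. The following is an added example and not part of SecureDoc or WinMagic's own tooling: at backup time it records a SHA-256 digest of the backup file together with the custodian and timestamp, authenticates that record with an HMAC key held by the backup administrators (the key name `MANIFEST_KEY` and the file name are assumptions), and verifies both the record and the media before a restore. A forged log entry or a modified backup file both fail verification.

```python
"""Integrity record for SecureDoc database backup media (added example, not SecureDoc code)."""
import hashlib
import hmac
import json
import os
import tempfile
import time

# Hypothetical secret held by the backup administrators; it is never stored with the media,
# so someone who alters the backup cannot also produce a matching log entry.
MANIFEST_KEY = b"example-manifest-key-replace-in-production"


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash the backup in chunks so a large database dump need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def _canonical(entry: dict) -> bytes:
    """Stable serialisation so the HMAC covers the same bytes on record and verify."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def record_backup(path: str, custodian: str, key: bytes = MANIFEST_KEY) -> dict:
    """Create a signed log entry for one backup file: who took it, when, and its digest."""
    entry = {
        "file": os.path.basename(path),
        "size": os.path.getsize(path),
        "sha256": sha256_file(path),
        "taken_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "custodian": custodian,
    }
    entry["signature"] = hmac.new(key, _canonical(entry), hashlib.sha256).hexdigest()
    return entry


def verify_backup(path: str, entry: dict, key: bytes = MANIFEST_KEY) -> bool:
    """Return True only if the log entry is authentic and the media still matches it."""
    unsigned = {k: v for k, v in entry.items() if k != "signature"}
    expected = hmac.new(key, _canonical(unsigned), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, entry.get("signature", "")):
        return False  # log entry was edited, or was not produced with our key
    if os.path.getsize(path) != entry["size"]:
        return False  # media was truncated or extended
    return hmac.compare_digest(sha256_file(path), entry["sha256"])


def run_demo() -> dict:
    """Exercise intact, forged-entry and tampered-media cases on a constructed sample file."""
    with tempfile.TemporaryDirectory() as d:
        backup = os.path.join(d, "securedoc-db-backup.bak")  # constructed sample, not a real dump
        with open(backup, "wb") as f:
            f.write(b"constructed sample backup content\n" * 1000)

        entry = record_backup(backup, custodian="backup-operator-1")
        intact = verify_backup(backup, entry)

        # Someone rewrites the custody field in the log without holding the key.
        forged = dict(entry, custodian="someone-else")
        forged_entry = verify_backup(backup, forged)

        # One byte on the media is changed; the size is unchanged, so only the digest catches it.
        with open(backup, "r+b") as f:
            f.seek(10)
            b = f.read(1)
            f.seek(10)
            f.write(bytes([b[0] ^ 0x01]))
        tampered = verify_backup(backup, entry)

    return {"intact": intact, "forged_entry": forged_entry, "tampered_media": tampered}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The entry returned by `record_backup` is what belongs in the signed backup log alongside the operator's signature and the tamper-seal number; `verify_backup` is the check to run when the carry box comes back and before any restore is attempted.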