Control Your Data: Don’t Let the Fear of Cyber Security Stop You From Protecting Your Workforce
So, you’re a safety manager and you want to launch a wearables pilot program? You see the enormous potential that leading-indicator safety data can have for your safety and operations teams. What comes next? I bet you’d be surprised to learn that many of the critical next questions to answer are about cyber security, data handling, IT management, and legal and regulatory requirements. Once wearable data is collected, it has to be sent across networks and into the cloud for processing and access. Whenever data crosses the internet, there need to be clear controls and protections in place to ensure it is handled properly. That is especially true for data collected by a safety wearable, because it is data about identifiable individuals.
In this post, I’ll review what we believe to be the best-in-class approach to preparing your organization to adopt wearables in general, specifically with StrongArm as your provider:
Identify and Understand the Data Collected and Why it’s Important.
The fundamentals of data handling always stem from ‘data classification,’ which answers “How important is this data?”, “What can I do with it?”, and “Who needs to access it?”.
If StrongArm processes the information, we can streamline classification for you against the best available standards. Think about how you would want this information handled if it were data about yourself. You’d want to be sure it was controlled and used only in ways that help people do the right thing. You’d also want to be sure it was accessible only to the direct stakeholders in the program – the individual, direct management, EHS professionals, and leadership – each of whom needs a different level of aggregation. StrongArm does all of this for its customers and keeps track of data regulatory requirements, so your business doesn’t have to.
Work with a Company That Takes Risk Mitigation Seriously
Data security is all about mitigating the risk of information misuse – this includes the scary news items: data breaches, data leaks, hackers, disgruntled employees, corporate espionage, and so on. There is no way to remove these risks entirely, but a great deal can be done to reduce both their likelihood and their impact.
ISO/IEC 27001, the certifiable standard in the ISO 27000 family of information security management standards, is the most widely recognized benchmark for demonstrating that an organization has the technology, processes, and policies in place to handle data securely. Certification means independent auditors have reviewed the organization’s information security management system (ISMS) – its team, processes, procedures, and technology – and confirmed that it meets the standard’s requirements. StrongArm Technologies is undergoing ISO 27001 certification for exactly this reason: to reduce the risk of data incidents and to prove to our customers, by inviting security auditors in, that the data we deliver is handled in a way that gives them peace of mind. When you evaluate any vendor’s certificate, read its scope statement: a certificate covers only the services and locations named in it.
There are some key certifications and terms to be aware of when doing your due diligence on wearables partners. Vendors should be able to explain how each of the following applies to their technology and how they address it:
- International Organization for Standardization (ISO), in particular ISO/IEC 27001
- General Data Protection Regulation (GDPR), for data about people in the EU
- California Consumer Privacy Act (CCPA), for data about California residents
- Health Insurance Portability and Accountability Act (HIPAA), where the data qualifies as protected health information
Bring your IT team into the conversation early, give them the program details, understand their concerns, and lean on your provider to do the heavy lifting
Integrating new data into your organization means keeping many teams in the loop. When it comes to the security of this data, the primary teams are your IT organization, your security team, and StrongArm. All of those stakeholders exist to help you with this project. I’ve been through various system integrations, so I know how protective teams can be, but just remember that at the end of the day, all sides want the same thing – success and security. Communicating the goals of the program, and how it helps both the individuals and the company, will get everyone on your side.
Those are just the first things to think about when instituting a wearables program securely. You will also likely be asked to fill out forms and applications with names such as “Information Security and Management Systems Forms,” “Security Risk and Compliance Review Forms,” and the like. These are quite extensive and require several rounds of review within the organization, so start them as early as possible. Along with data collection and classification, they generally cover how information is stored and delivered, which encryption and communication protocols are used, and which web services, hosts, and ports must be reachable for data to move from your network to StrongArm’s cloud servers (so firewall rules can be scoped to exactly that). Your provider should be able to supply both a high-level diagram and an IT-specific network diagram that show how the system works within your network.
The fastest way through this process is to connect your provider directly with the IT and data security teams so they can hash out the details, while you provide the higher-level perspective on timing and program goals.
Ultimately, everyone involved wants to realize the benefits of wearables’ safety data – your IT organization is simply trying to ensure that it is done in a safe and responsible way. StrongArm wants to help protect your people, and you can rely on StrongArm to navigate those waters with you. New data elements open the organization to new ways of thinking and to spotting issues that may not always be verbalized. Data should make your life easier and, when set up properly, can enable tremendous benefits and insights. There’s something better than the status quo.