Data Exchange with External Organisations

Confidential data exchanged with external Organisations (or individuals) should be appropriately encrypted.

Exchange of confidential data with other external organisations or individuals must be part of a protocol agreed in advance of the exchange.
This agreement should include:

• A thorough risk assessment. 
• Transmission to be via encrypted communications
• The encryption password must be communicated to the intended recipient via independent and secure means.
  (In most cases it would be appropriate to phone the recipient, and provide the password after checking they are the right person.)
• Equivalent security measures in place at the receiving organisation.

Encryption tool

7-Zip provides strong encryption suitable for encrypting a file before writing to CD or DVD, or sending the file by email or other means.

• http://www.7-zip.org/
• 7-zip user guide 

Note that:

• Most older zip tools only provide weak encryption, and should not be used.
• Password protection features in applications including Word and Excel provide very little protection, and should not be used.

See also

• Memory Sticks
• Other Mobile Storage Media
• Email