Copying and transmitting
Copying and using photocopiers
To help control protectively-marked information, keep the number of copies to a minimum. Only reproduce protectively-marked information when necessary.
To make copies of protectively-marked information with a copy number, you must get permission from the originator or originating organisation (the person or organisation that created the information). However, it’s better to ask the originator to supply any additional copies that you or your organisation need.
If the originator gives permission to make copies, let them know how many copies you intend to distribute. The originator will then tell you which copy numbers you need to mark on your copies.
Your agency should develop a policy for use of photocopiers, fax machines and similar devices. Devices used to copy and transmit protectively-marked documents come with risks which you must understand and manage.
Photocopiers, fax machines and similar devices, known as multi-function devices (MFDs) may:
- retain images of copied documents that can then be transmitted
- be connected to ICT systems that don’t have the necessary level of protection.
Reducing risks when you copy and transmit protected information
Take the following steps to reduce risks:
- Put approved devices in an area where you can observe all copying and transmitting activity.
- Make sure a designated person stays near the device until all activity is finished.
- Make sure documents are removed from the device as soon as activity is over.
Devices you can’t use for copying and transmitting
If a device is connected to your ICT system and a document has a higher protective marking than your ICT system, you can’t use the device to copy or transmit that document.
You also can’t copy or transmit a protected document using a device connected to a public network, or a fax machine (unless that information is protected in line with the New Zealand Information Security Manual (NZISM) – 11. Communications systems and devices(external link).
Transmitting electronic data
Protectively-marked data that is imported, exported, or transferred electronically must be protected in line with the NZISM – 20. Data Management(external link).