DPD Data Security Flowdown
Media Security - The Supplier shall develop and maintain documented processes used to ensure the integrity and security of provided datasets or Specification Control Drawing.
Integrity and security of datasets shall include requirements for;
- Secure storage and retention of provided DPD, supplier created DPD derivatives, and digital product acceptance datasets
- The supplier shall assure that datasets found discrepant are suspended from use and originator is contacted for disposition.
- Encryption protection for sending/receiving of electronically transmitted data.
- Establishing and maintaining a secure data backup and storage system whether local or remote, a disaster recovery process for authority datasets, derivatives and digital inspection media used for product acceptance.
- Access control with permission and/or password protection shall be established in order to ensure that provided datasets shall not be inadvertently modified. This process shall include derivative datasets released for manufacturing and inspection.
- Supplier will have a process to manage and maintain (addition/removal of) supplier employee access to technical data systems.
- Recycling may be used only where procedures are in place to assure continuous security controls throughout the recycling process.
- Export Control – Flow down to sub-tier suppliers shall include ITAR, MLA, MA, TAA, and EAR requirements.