Secure Your Electronic Documents and Web Content

Analyze documents for content and security before you publish them. Since they may contain metadata (i.e., “hidden” data not immediately viewable), you may inadvertently pass along confidential or sensitive information to individuals inside and outside your organization — information like:

  • Title
  • Computer name
  • Tracked Changes (redline edits)
  • Various document versions
  • Comments
  • Manager
  • Dates created, modified, and accessed
  • Checked by
  • Client
  • Disposition

Many applications (e.g., Microsoft Word and Corel WordPerfect) automatically insert information such as the author, company, manager, etc., every time the document is saved. Sometimes hidden information, such as comments, is saved manually. Applications with versioning capability maintain different versions of the same document within the same file. Editing tools, such as Track Changes in Word, keep deleted text within the document until the changes are accepted. In addition, some programs keep an “undo-redo” history unless the user chooses not to save the history with the document.

Whether you are writing a report, web page, tutorial, or any other type of document, you must balance the specific information you publish against the security risks that information poses to your company, department, agency, or organization. Analyze your documents for their content and for potential security and/or information leaks so that publishing or distributing them won't inadvertently or unknowingly lead to a breach of security or confidentiality.

If your document should not contain any hidden data, do the following before publishing or distributing it, especially if you are the final author or responsible party in a collaboration:

  • Remove all the File ► Properties information you don't want to remain with your document.
  • Remove all redline edits (e.g., Track Changes). Make sure the document is the way you want it and “accept all changes” to remove redlining.
  • Remove all document comments.
  • In Word, click on File ► Properties ► Custom tab and individually delete all document owners' and/or reviewers' names.
  • Disable “fast saves” to ensure deleted information is really deleted.
  • Delete previously saved versions contained within your document.
  • Consider using third-party tools to purge or “scrub” your document of all hidden data like number of revisions, total editing time, and dates created, modified, accessed, and printed. Otherwise, save your document in PDF format after you have removed as much hidden data as is manually possible.
  • If available in your applications, use whatever security options exist to delete all personal information and warn you if your document contains tracked changes or comments before you print, save, or send the document.
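
To confirm the checklist above actually took effect, the following added example (not part of the original page) lists what is still stored in a file before it is published. It assumes the document is saved in the Office Open XML (.docx) format, which is a ZIP package of XML parts; the function names and the simplified sample package are constructed for illustration, and only tracked insertions and deletions are counted.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

def leaf_values(xml_bytes):
    """Map local tag name -> text for every non-empty leaf element."""
    leaves = (el for el in ET.fromstring(xml_bytes).iter() if len(el) == 0)
    return {el.tag.split("}")[-1]: el.text.strip()
            for el in leaves if el.text and el.text.strip()}

def audit_docx(source):
    """Report hidden data in a .docx given a path or file-like object."""
    found = {"properties": {}, "custom": {}, "tracked_changes": 0, "comments": 0}
    with zipfile.ZipFile(source) as z:
        names = set(z.namelist())
        for part in ("docProps/core.xml", "docProps/app.xml"):  # built-in properties
            if part in names:
                found["properties"].update(leaf_values(z.read(part)))
        if "docProps/custom.xml" in names:  # File > Properties > Custom tab
            for prop in ET.fromstring(z.read("docProps/custom.xml")):
                found["custom"][prop.get("name")] = "".join(prop.itertext()).strip()
        if "word/document.xml" in names:  # unaccepted insertions and deletions
            body = ET.fromstring(z.read("word/document.xml"))
            found["tracked_changes"] = sum(el.tag in (W + "ins", W + "del") for el in body.iter())
        if "word/comments.xml" in names:
            comments = ET.fromstring(z.read("word/comments.xml"))
            found["comments"] = len(comments.findall(W + "comment"))
    return found

def build_sample():
    """Constructed, simplified package; every value below is made up."""
    ns = f'xmlns:w="{W[1:-1]}"'
    parts = {
        "docProps/core.xml": "<p><creator>A. Author</creator><revision>7</revision></p>",
        "docProps/app.xml": "<p><Company>Example Corp</Company><Manager>M. Manager</Manager></p>",
        "docProps/custom.xml": '<p><property name="Client"><v>Example Client</v></property></p>',
        "word/document.xml": f"<w:d {ns}><w:ins/><w:del><w:delText>old</w:delText></w:del></w:d>",
        "word/comments.xml": f"<w:comments {ns}><w:comment/></w:comments>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(audit_docx(build_sample()))
```

A document that is ready to publish should come back with empty property dictionaries (or only the values you chose to keep) and zero tracked changes and comments.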

Follow all the guidelines above, but when you must publish documents that contain personal information or server names, IP addresses, project plans, etc., post them securely so that only those who have a need to know can access them by authenticating with a user ID and password, such as on or in:

  • A secure intranet
  • A secured server folder (e.g., Outlook Public Folders)
  • A secure customized web portal (e.g., SharePoint)

For more detailed information on the risks of metadata and ways to maintain content and document security, visit metadatarisk.org.

Whether you post your documents on a Web site or simply forward them to a colleague, follow best practices.

  • Proofread your material before publishing it. Make certain it does not contain any personal, confidential, or sensitive material.
  • Do not post any confidential or sensitive information in screen grabs or other graphics.
  • Do not mention an actual internal (i.e., unavailable to the public) server or IP address. Substitute a fictitious name. Do not post infrastructure design documentation.
  • Do not post project plans that include design documentation, specifications, actual server names, etc.
  • Remove all hidden data (see next section).
  • Publish to PDF format and add security that controls whether or not the user can read or print the document, or copy/edit the text.