I am formulating a methodology for paper (actual and imaged) repositories to place into our Info Sec policy. Current risk categories include:
Sensitivity of info;
Likelyhood of doc/image loss;
Likelyhood of reputational/financial loss due to compromise/loss;
Security of storage methods;
Adequacy of transportation/destructive methods, timing, etc.;
Impact of over-retention of docs/images
Any other risk catagories I have missed anyone can think of?
Sorry, did I just use my outside voice?