Skip to main content

Two Men Rule

Two Man Rule (aka “4 eyes principle”) #

The challenge of preventing data leakage (DLP) is a topic every company faces sooner or later. Transferring highly sensitive and/or confidential data with a CargoLink is secure and audited. But for some data you may want to double-check that the content is even allowed to leave the company in any form.

Classifying data and labelling them accurately in a digital way is a huge task that even big organisations do not take lightly and thus data leakage prevention is hard to achieve in this way.

With the CargoServer “Two Man Rule” (also called “4 eyes principle”) we can provide a well known and established process based solution: The transfer of documents must be approved by a second person before any recipient is notified and access granted.

Two Men Rule

Process steps #

  1. The sender prepares the CargoLink as usual by selecting the documents and the recipient
  2. The sender configures security settings such as PIN and expiration
  3. The sender stores the CargoLink
  4. The CargoServer automatically sets this CargoLink in a special state which blocks any access and identifies the approver for the sender
  5. The approver is invited by email to evaluate the CargoLink and is given full access to the documents for inspection and review
  6. The approver decides either to approve the transfer or deny it
  7. In case of approval, the invitation email (if configured) is sent and the CargoLink activated as normal
  8. In case of refusal, the CargoLink is deactivated and the process halted

Screenshots #




Good to know #

This feature can be configured system wide to look up an approver via directory services (AD/LDAP) so that no configuration must be done on the system and existing relations in the company (i.e. always select the superior of the user) can be used. Alternatively, this can also be configured per user.

CargoServer also features an automatic fallback mode for approvals to prevent the process from being blocked when the designated approver does not respond within 7 days. In this case, a fallback approver is automatically involved to take the decision.