Recommendation for multifunction devices
The guidelines for multifunction devices must be observed when procuring multifunction devices.
The procurer is obligated to maintain confidentiality and to comply with data protection requirements within the scope of his or her duties. The following information relates to the data protection and security requirements for the procurement of multifunction devices. If there are any uncertainties regarding the requirements, the information security team and/or the data protection officer as well as the data protection coordinators of the University of Paderborn can provide support.
- 1) The multifunction device is capable of storing order data on the internal data carrier in encrypted form (e.g. using AES 256).
- 2) The multifunction device can be configured so that data is automatically deleted from the local device memory after the device has been used (printout, copy, etc.). Alternatively, deletion by the administrator is possible.
- 3) For multifunction devices with USB port, Bluetooth, WLAN, NFC interfaces, it is possible to switch these off or to block their use by entering a password of the administrator's choice.
- 4) If files with data of a Windows file share (SMB/CIFS) are to be stored by the multifunction device, the SMB protocol version 3.0 or higher is supported.
- 5) The device/administration password can be freely selected.
- 6) Firmware update should be possible.
- 7) The multifunction device supports PIN/Smartcard or other (Secure Print) for printing documents.
- 8) If the multifunction device features printing files received via e-mail and/or sending scanned documents via e-mail, the device ideally supports TLS 1.3, at least TLS 1.2, and sending e-mails is only possible after successful authentication (entering user ID and password).
- 9) The multifunction device supports the use of https protocol for management and print data.
- 10) (Remote) maintenance/repair work and disposal that is to be performed on the multifunction devices by an external service provider must always be carried out in conjunction with an order processing contract issued by the University of Paderborn in advance of the work. For this purpose, sample contracts with instructions are available on the University of Paderborn's web pages on data protection. The information still required in the sample contract (especially the appendices) must be completed in part by the service provider, reviewed by the data protection officer of the University of Paderborn and signed by the Vice President for Business and Human Resources Administration of the University of Paderborn.
- 11) The multifunction device supports that the data on the internal storage media can be deleted and/or the data media can be removed in accordance with data protection.
Guidelines for multifunction devices
Guidelines for multifunction devices - Procurement
Guidelines for multifunction devices - Administration
Guidelines for multifunction devices - Use
The devices tested and approved by the information security team are listed in the following spreadsheet.
This spreadsheet is updated on an ongoing basis.
Manufacturer | Model | Technology | Comments |
Brother | HL-L5100DN |
| |
Brother | HL-L6250DN |
| |
Brother | HL-L8260CDW |
| |
Brother | HL-L9310CDW |
| |
Brother | DCP-L3550CDW |
| |
Brother | MFC-J6540DW |
| |
Brother | MFC-L2750DW |
| |
Brother | MFC-L5700DN |
| |
Brother | MFC-L6800DW |
| |
Brother | MFC-L8690CDW |
| |
Brother | MFC-L9570CDW |
| |
HP | LaserJet Enterprise M577 |
|
|
If you are already using devices that are not on the list and that comply with data protection and security requirements, please contact informationssicherheit@uni-paderborn.de.