Create a policy on transfers of information and make it known to any relevant individual or organization. Rules, protocols, and agreements should secure data when it is transferred and should reflect its classification. Transfer agreements with third parties should be created to protect all forms of information in transit. Controls should prevent interception, unauthorized access, modification, and misrouting. Labeling, traceability, and non-repudiation controls should be implemented. Guidelines for retention and disposal of records should be followed. Electronic transfer controls include malware detection, authentication, prevention of transmission to the wrong address, and approval for external services. Controls for transferring physical storage media should include courier identification, tamper-resistance, and logs. Verbal transfer controls include screening, appropriate room controls, disclaimers, and confidentiality reminders.