Removable Media

Purpose

The intent of this Policy is to ensure that usage of removable media is outlined for use within our organization.

Scope

This policy applies to all Uncanny Software engineering, customer success and product team members. The primary functional components covered is data classified CONFIDENTIAL.

Policy

General Policy

The general policy of Uncanny Software is to not utilize removable media. If files need to be exchanged between individuals or systems then we should utilize the GSuite products for sharing work in a secure environment. Should files need to be shared external to the organization we can utilize our Box account for secure sharing/downloading.

Production Data

UNDER NO CIRCUMSTANCES WILL REMOVABLE MEDIA BE UTILIZED FOR PRODUCTION DATA.

Formally Request Usage

In the rare case someone must use removable storage a written request must be submitted to the InfoSec team for formal approval.

Analyze and Justify the Change

The InfoSec team will analyze the requested change and ask for justification. It should be assumed there is no justification until sufficient evidence is presented to the contrary.

Post-Implementation Review

Once the task has been completed it must be reviewed and logged with specifics as to who the parties were and what files were exchanged. This review should also cover the proper disposal and/or erasure of the device.

Violations

Since following the Removable Media Policy is important for the welfare of the organization, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

Definitions

Removable Media - External storage devices like USB drives or external hard drives.

References

ISO/IEC 27001:2013

Data Classification Standard

Revision History

Document history via Github

Last updated 1 year ago