Media Disposal Policy
Purpose
The purpose of this policy is to outline the proper media disposal at Uncanny Software. These rules are in place to protect sensitive and classified data of employees and Uncanny Software.
Scope
This policy applies to full time employees, contractors, and temporary staff at Uncanny Software. All Uncanny Software personnel with access to classified data and media.
Policy
Disposal Process
All unusable media will be returned to IT personnel. Laptops of off-boarded users will be locked at the EOD of their termination date
Media will be completely wiped and reimaged with new operating system if applicable by IT personnel
After media has been wiped, it will be placed in the server room and labeled as wiped and ready to be discarded
Tooling
The tools for performing a data wipe on laptops are Apple’s Disk Utility as well as functionality supported through Mobile Device Management (MDM) software included on each laptop. If a device is lost or stolen, the MDM's “wipe” feature will erase all content on the device. The device will be required to be rebooted in recovery mode in order to install a new operating system.
If a device is lost or stolen, the MDM's “wipe” feature will erase all content on the device. The device will be required to be rebooted in recovery mode in order to install a new operating system.
Violations
Any violation of this policy may result in disciplinary action, up to and including termination of employment. Uncanny Software reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. Uncanny Software does not consider conduct in violation of this policy to be within an employee’s or partner’s course and scope of employment, or the direct consequence of the discharge of the employee’s or partner’s duties. Accordingly, to the extent permitted by law, Uncanny Software reserves the right not to defend or pay any damages awarded against employees or partners that result from violation of this policy. Any employee or partner who is requested to undertake an activity which he or she believes is in violation of this policy, must provide a written or verbal complaint to his or her manager, any other manager or the Human Resources Department as soon as possible.
References
ISO/IEC 27002:2013 - 17. Security Continuity Management
Related Documents
No documents listed
Revision History
Last updated