Removable Storage Policy
Purpose
The purpose of this policy is to minimize the risk of loss or exposure of sensitive information maintained by Opus Works.
Scope
This policy covers all computers and servers operating in Opus Works.
Policy
- The use of removable media is highly discouraged.
- Sensitive information should be stored on removable media only when required in the performance of your assigned duties or when providing information required by other state or government agencies.
- When sensitive information is stored on removable media, it must be encrypted in accordance with the Opus Works Computing Policy.
Compliance
Compliance Measurement
The ISMS Committee will request periodic internal reviews whereby they will sample removable media for adherence to the encryption and IW supplied parts of the information, and log the report with the ISMS committee.
Exceptions
Any exception to the policy must be approved by the ISMS Committee in advance.
Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Related Standards, Policies and Processes
- Information Sensitivity Policy
- Cryptographic Controls Policy
- Data Protection Policy
- Device Policy
- Bring Your Own Device Policy
- Acceptable Usage Policy
- Computing Policy
Definitions and Terms
The following definition and terms can be found in the SANS Glossary located at: https://www.sans.org/security-resources/glossary-of-terms/
- Encryption
- Removable Media
- Sensitive Information