Removable media is a well-known source of malware infections and has been directly tied to the loss of sensitive information in many organizations.
The purpose of this policy is to minimize the risk of loss or exposure of sensitive information maintained by <Company Name> and to reduce the risk of acquiring malware infections on computers operated by <Company Name>.
This policy covers all computers and servers operating in <Company Name>.
<Company Name> staff may only use <Company Name> removable media in their work computers. <Company Name>removable media may not be connected to or used in computers that are not owned or leased by the <Company Name> without explicit permission of the <Company Name> InfoSec staff. Sensitive information should be stored on removable media only when required in the performance of your assigned duties or when providing information required by other state or federal agencies. When sensitive information is stored on removable media, it must be encrypted in accordance with the <Company Name> Acceptable Encryption Policy.
Exceptions to this policy may be requested on a case-by-case basis by <Company Name>-exception procedures.
5. Policy Compliance
- Compliance Measurement
The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.
Any exception to the policy must be approved by the Infosec team in advance.
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.