Removable Media Policy

Removable media is a well-known source of malware infections and has been directly tied to the loss of sensitive information in many organizations.

The purpose of this policy is to minimize the risk of loss or exposure of sensitive information maintained by Data Migrators and to reduce the risk of acquiring malware infections on computers operated by Data Migrators.

This policy covers all computers and servers operating in Data Migrators.

Data Migrators staff may only use Data Migrators removable media in their work computers. Data Migratorsremovable media may not be connected to or used in computers that are not owned or leased by the Data Migrators without explicit permission of the Data Migrators InfoSec staff. Sensitive information should be stored on removable media only when required in the performance of your assigned duties or when providing information required by other state or federal agencies. When sensitive information is stored on removable media, it must be encrypted in accordance with the Data Migrators Acceptable Encryption Policy.

Exceptions to this policy may be requested on a case-by-case basis by Data Migrators-exception procedures.

The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

Any exception to the policy must be approved by the Infosec team in advance.

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

The following definition and terms can be found in the SANS Glossary: