This policy is to ensure that Information storage media must be managed, controlled, moved and disposed of in such a way that the information content is not compromised. Personal media such as USB devices should not be used, brought in to the offices or connected to any MB device without prior consent. This includes BYOD mobile devices which should be charged from mains chargers and not from the USB port on company assets.
6.5.1 Management of removable computer media (memory sticks, DVDs/CDs, PDAs etc.)
Computer media with sensitive or confidential information are stored in a suitable locked container when not in use. Staff are not permitted to take unencrypted removable media off the Company’s premises, unless specifically authorised. Physical media transfer of data must be encrypted, and password protected. In case of transport by post, the parcel/letter must be sent recorded requiring a signature at the recipient’s end.
6.5.2 IOT and BYOD Device Policy
Staff members are reminded that no IOT device (Wi-Fi Enabled device) should be brought in to the office and/or connected to our company network without consent. This includes all mobile phones, that are not company controlled or authorised, tablet devices, Wi-Fi enabled IOT devices such as kettles, light bulbs etc. All of these can pose a significant threat to the company if they were to be compromised.
Any new devices introduced to our network can only be done so with Security approval. Staff bringing in their own devices are permitted to connect these to our guest networks. 6.6 Disposal of media
Users are advised that unwanted disks, removable media magnetic tapes, CDs, printouts, and other sensitive documents must be disposed of securely and safely, to minimise the risk of sensitive information being disclosed to outside persons.
The Company provides a complete physical disposal programme for all media containing sensitive data [secure shredding] as necessary. Documents and printouts containing sensitive information are shredded.
6.7 Information handling procedures
Procedures for the handling, storage and disposal of information have been established to protect such information from unauthorised disclosure or misuse in the following sections.
6.8 Security of system documentation
The safe keeping of application software documentation (e.g. user manuals, training manuals, and procedures) is the responsibility of the System Manager. Infrastructure documentation is the responsibility of the Infrastructure Department.
6.9 Internet usage policy
This Internet Usage Policy applies to all employees of the Company who have access to computers and the Internet to be used in the performance of their work. Violation of these policies could result in disciplinary and/or legal action leading up to and including termination of employment.