|OUHSC Information Technology Department|
Transportation of Media Policy:
Supporting documents: Full policy
Data and information system resource owners must govern the receipt, transfer and removal of electronic media which contain sensitive data.
Sensitive data located on information system resources or electronic media must be protected against theft and unauthorized access. Sensitive data must be consistently protected and managed through its entire life cycle, from origination to destruction.
Information system resources and electronic media for which this policy applies include, but are not limited to, computers (servers, desktops and portable computing devices (PCD)), floppy disks, backup tapes, CD-ROMs, zip drives, portable hard drives and USB storage devices with stored sensitive data.
All electronic media that contains sensitive data must be clearly marked during transport and should have a tracking number associated with it.
There must be a formal, documented process that ensures consistent control of all electronic media and information system resources containing sensitive data while in transport. At a minimum this process must ensure the following:
For PCDs in which the transportation of sensitive data will be a regular or cyclical (more than twice per year) occurrence, a single transport record will meet the above requirement for “record of transport” for each. Each time one of the parameters within the “record of transport” changes, a new record will be required.At least annually, an organization-wide inventory to identify all electronic media which contain sensitive data must be performed. Inventory results must be documented and stored in a secure manner.
|Copyright © 2006 The Board of Regents of the University of Oklahoma, All Rights Reserved.- Disclaimer | Copyright|