Technology Standard
|
|
Technology Standard
|
Data Protection - Data Storage Media Protection
Version: 1.0
Status: Approved: 2/21/07
Contact: Director, Technology Services
PURPOSE
To provide guidelines necessary to implement Systems Office and College data storage media protection standards and procedures.
SCOPE
In accordance with the COV ITRM 501-01, Data Storage Media Protection identifies the steps required for the appropriate handling of stored data to protect the System Office and College data from compromise.
APPLICABILITY
The Data Storage Media Protection Standard is applicable to the System Office and all Colleges.
STANDARD
The System Office and Colleges must document Data Storage Media protection best practices to include the requirements listed below.
Requirement:
Data Custodians are individuals or organizations in physical or logical possession of data for Data Owners. Data Custodians are responsible for protection of the data in their possession from unauthorized access, alteration, destruction, or usage.
Requirement:
Sensitive data should not be stored on mobile devices unless there is a documented business need. Data storage media containing sensitive data must be physically and logically secured. Security awareness and training should be provided to those employees who have approval to store such information on mobile devices.
Requirement:
The System Office and College should restrict the pickup, receipt, transfer, and delivery of all data storage media containing sensitive data to authorized personnel only.
Requirement:
The System Office and Colleges should adhere to the procedures in place to address the purging of all data, using software utilities or electromagnetic means, from magnetic storage media such as hard drives, removable disk drives, diskettes, CD-ROMs, zip drives, jump drives, personal digital assistances, and other storage media before they are discarded, in accordance with the ITRM Standard SEC2003-02.1.
