The University of San Francisco: Information Technology Services
Information Technology

Portable Media & External Storage Policy

PDF Version: Link

Effective Date: 11-14-2013

Last Updated: 11-14-2014

Responsible University Officer:
Vice President, Chief Information Officer

Policy Owner:
Director, Network and Security Services

Policy Contact:
ITS Help Desk

  1. POLICY STATEMENT
    1. University data classified as “Confidential or Highly Confidential” must be encrypted - see “Encryption Policy” for details.
    2. When USF “Confidential or Highly Confidential” data is electronically stored or archived, it must be encrypted and/or saved to an approved centrally managed secure storage area - see Data Protection Policy (In development).
    3. If a portable media device is used to transfer USF “Confidential or Highly Confidential” data, the said data should be securely erased (i.e. USB keys, flash memory, external hard drive) or confidentially destructed (i.e. CDs/DVDs) following transmission.
  2. REASON FOR POLICY
    1. The purpose of this policy is to establish minimum standards for utilizing and protecting university data transmitted or stored on portable media such as USB keys, flash memory, CDs/DVDs, external hard drives etc. Portable media can be a convenient aspect of university business; however, portable media devices are easily lost or stolen and may cause a security breach. ITS strongly discourages placing University data classified as “Confidential or Highly Confidential” on portable media, which at all times must be properly encrypted.
  3. SCOPE
    1. This policy applies to all university data transmitted or stored on portable media or external storage.
  4. AUDIENCE
    1. All Employees, Faculty and Staff.
    2. Student workers whose job function falls within scope, or is otherwise properly authorized access to USF Data which is categorized as “Confidential or Highly Confidential”.
    3. All contractors, vendors and any other 3rd parties entrusted with University Sensitive Data.
  5. POLICY TEXT
    1. (None)
  6. PROCEDURES
    1. (None)
  7. RELATED INFORMATION
    1. USF ITS Policy, Technology Resources Appropriate Use Policy, http://www.usfca.edu/its/about/policies/aup/
    2. USF ITS Policy, Information Security Policy, http://www.usfca.edu/its/about/policies/infosec/
    3. USF ITS Policy, Encryption Policy, http://www.usfca.edu/its/about/policies/encryption/
    4. USF ITS Policy, Data Protection Policy, (In development)
  8. DEFINITIONS
    1. Confidential Destruction
      1. Rendering a physical document unreadable - i.e. utilizing a (paper/card/disk) shredder or degaussing or securely destroying a hard drive.
    2. Disk Wiping
      1. The process of securely erasing data from a computer's hard drive by writing random data multiple times over disk sectors in hard drive. USF ITS uses a Department of Defense (DOD) 7-pass wipe (writes random data 7 times).
    3. Secure Erase
      1. See Disk wiping.
  9. FREQUENTLY ASKED QUESTIONS
    1. (None)
  10. REVISION HISTORY
    1. 06-01-2013 - Final draft of policy
    2. 11-14-2013 - Approved for publication
  11. COMPLIANCE
    1. Failure to follow this policy can result in disciplinary action in accordance with Human Resources Employment Handbook and Office of General Counsel employee and labor relations. Disciplinary action for not following this policy may include termination, as provided in the applicable handbook or employment guide.
  12. POLICY EXCEPTION PROCESS
    1. No Exceptions.
  13. APPENDICES
    1. (None)