Control of Electronic Media

Purpose

The purpose of this policy is to provide safeguards for electronic media to prevent loss of access to, or unauthorized disclosure of, University Data.

Scope:

This policy applies to all electronic media used with university Information Systems or University Data.

Policy:

  1. All electronic media must be securely erased or destroyed prior to disposal, transfer or reuse outside of the university. The University Standard for Media Sanitization must be followed.
  2. Electronic media containing Restricted Data must be protected from theft, accidental loss or damage in accordance with all UF information security and privacy policies and standards.

Responsibilities:

  1. All members of the University of Florida Constituency are responsible for protecting electronic media under their use or control.
  2. All members of the University of Florida Constituency must promptly report loss or theft of electronic media containing Restricted Data to the UF Privacy Office.
  3. Information Security Administrators (ISAs) are responsible for developing and implementing procedures to protect electronic media.
  4. The Vice President and Chief Information Officer is responsible for implementing systems and specifications to facilitate unit compliance with this policy.

Authority:

UF-1.0102: Policies on Information Technology and Security

References:

NIST SP 800-53 rev. 3: MP-2, MP-3, MP-4, MP-6, MP-8
SEC-TS-002.01: Media Sanitization Standard