Skip to content

Media Access Policy

Media Protection Policy

Version Draft 0.1

Issued: TBD

Last Updated and Approved TBD

Purpose

Develop, implement and maintain a plan for protecting customer's electronic media.

Media control involves the policies and procedures required to ensure the protection, maintenance, secure transmission, and disposal of the customer's electronic media.

Scope

ZFM System

Responsibilities

Management team and technical team must develop the plan.

Same must review and update the plan on an annual basis.

The technical team is responsible for testing and implementing the plan.

Management Commitment

Management must ensure that the plan is developed, maintained, reviewed, understood and implemented by appropriate staff.

Media Access

Any server (and storage media) used to store customer data should be protected from unauthorized physical access.

Process

This is managed of any web-hosting service used to deploy the system.

Media Sanitization

At this time, no media sanitization is required when customer data is deleted from a server. This includes

  • deletion of databases at the end of a service contract
  • deletion of database backups that have aged out
  • deletion of data copies used during development

When a production server is decommissioned, the web-hosting service is responsible for sanitizing server media.

Process

Not applicable.

Media Use

Removable media should never be used when storing customer data.

Process

Only use web hosting services which do not use removable media.