Purpose
The purpose of this policy is to provide safeguards for electronic media to prevent loss of access to, or unauthorized disclosure of, University Data.
Scope:
This policy applies to all electronic media used with university Information Systems or University Data.
Policy:
- All electronic media must be securely erased or destroyed prior to disposal, transfer or reuse outside of the university. The University Standard for Media Sanitization must be followed.
- Electronic media containing Restricted Data must be protected from theft, accidental loss or damage in accordance with all UF information security and privacy policies and standards.
Responsibilities:
- All members of the University of Florida Constituency are responsible for protecting electronic media under their use or control.
- All members of the University of Florida Constituency must promptly report loss or theft of electronic media containing Restricted Data to the UF Privacy Office.
- Information Security Administrators (ISAs) are responsible for developing and implementing procedures to protect electronic media.
- The Vice President and Chief Information Officer is responsible for implementing systems and specifications to facilitate unit compliance with this policy.
Authority:
UF-1.0102: Policies on Information Technology and Security
References:
NIST SP 800-53 rev. 3: MP-2, MP-3, MP-4, MP-6, MP-8
SEC-TS-002.01: Media Sanitization Standard