Removable Media Policy

Version1.0.0 Last Updated2024-01-29 APPROVED

1. Overview

Removable media is a well-known source of malware infections and has been directly tied to the loss of sensitive information in many organizations. AccuCode AI Inc. processes sensitive healthcare documents such as patient charts from hospitals and clinics, making it crucial to minimize the risk of data loss or exposure and reduce the risk of acquiring malware infections on company computers.

2. Purpose

The purpose of this policy is to minimize the risk of loss or exposure of sensitive information maintained by AccuCode AI Inc. and to reduce the risk of acquiring malware infections on computers operated by the company.

3. Scope

This policy covers all computers and servers operating in AccuCode AI Inc.

4. Policy

  1. AccuCode AI Inc. staff may only use removable media in their work computers when strictly necessary for performing their assigned duties.
  2. The use of removable media is discouraged, and staff should seek alternative methods for data transfer and storage whenever possible.
  3. Removable media may not be connected to or used in computers that are not owned or leased by AccuCode AI Inc. without explicit permission from the InfoSec team.
  4. Sensitive information should be stored on removable media only when required in the performance of assigned duties or when providing information required by other state or federal agencies.
  5. When sensitive information is stored on removable media, it must be encrypted in accordance with the AccuCode AI Inc. Acceptable Encryption Policy.
  6. Exceptions to this policy may be requested on a case-by-case basis through the AccuCode AI Inc. exception procedures.

5. Policy Compliance

5.1 Compliance Measurement

The InfoSec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

5.2 Exceptions

Any exception to the policy must be approved by the InfoSec team in advance.

5.3 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.