Version 1.0May 26, 2010

File Storage Policy

By Erik Eckel

The File Storage Policy requires that all organization data be stored and accessed only on authorized organization-provided computers and devices. All staff, contractors, consultants, and suppliers are bound by the terms of this policy.

PurposeThe File Storage Policy ensures that all organization information is accessed and stored only on authorized systems. By ensuring that organization information is accessed and stored exclusively on authorized systems, the organization can ensure that its data files and client, supplier, and other business information is properly secured and protected from unauthorized use.

If organization data is accessed from or stored on unauthorized systems, subsequent theft or loss of those systems places the organization's information, as well as that of its clients, suppliers, employees, and others, at risk of significant loss. Further, unauthorized systems and devices must not be used to access or store organization data at any time, as the improper disposal of those systems and devices may result in substantial loss and damages. Subsequent fines and reparation costs could result, as well as civil and criminal penalties both for the organization and the organization representative responsible for the breach, whether intention or unintentional.

ScopeAll organization executives, directors, managers, assistants, and employees, as well as all organization suppliers, consultants, contractors, interns, volunteers, and other agents, are bound by the terms of this File Storage Policy.

Acceptable useNo organization representative shall access or store organization data of any kind in any format using an unauthorized server, workstation, laptop, netbook, cellular telephone, or tablet computer. Neither shall any organization representative access or store organization data of any kind in any format using an unauthorized flash memory card, thumb drive, USB key, portable hard disk, third-party Web- or cloud-based storage service or facility or MP3 or other music, audio, or electronic device.

The organization has implemented specific systems and carefully managed controls to protect organization data accessed from and stored on authorized organization computers and devices. Any organization files should be accessed directly from the organization’s servers, when appropriate. Any personal information -- including music, photographs, email, documents, spreadsheets, presentations, databases -- stored on an organization-provided computer’s Windows Desktops or My Documents folders will automatically be synchronized and copied to the organization’s servers. Upon the organization representative's separation from the organization, all music, photographs, email, documents, spreadsheets, presentations, databases, and other files stored by the user on organization-provided computers remains the property of the organization.

Violations and penaltiesAll organization representatives must immediately notify the Information Technology Department manager upon learning of any File Storage Policy violation. Although File Storage Policy violations may result in disciplinary action leading up to and including termination of employment and civil and/or criminal prosecution under local, state, and federal laws, the policy’s purpose is not to punish offenders but to prevent data breaches and properly manage violations that might occur.

Page 1

Copyright ©2010 CBS Interactive. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/

File Storage Policy

Acknowledgment of File Storage PolicyThis form is used to acknowledge receipt of, and compliance with, the File Storage Policy.

ProcedureComplete the following steps:

1. Read the File Storage Policy.2. Sign and date in the spaces provided below.3. Return a copy of this signed document to the Information Technology department manager.

SignatureYour signature attests that you agree to the following terms:

(i) I have received and read a copy of the File Storage Policy and understand and agree to the same;(ii) I understand and agree that I will take reasonable precautions necessary to protect all organization

systems, devices, and data from unauthorized use;(iii) I understand and agree that all organization equipment, devices, and data remain the property of the

organization;(iv) I understand and agree that, if I leave the organization for any reason, I shall immediately return to the

organization all systems, devices, and data that I may have received from the company that are either in my possession or otherwise directly or indirectly under my control;

(v) I understand and agree that I will take all reasonable precautions to protect the confidentiality of all organization equipment, devices, and data during and after my employment with the organization;

(vi) I understand and agree that I am responsible for reporting to the Information Technology department manager any violations of the File Storage Policy.

______________________________________

Employee Signature

______________________________________

Employee Name

______________________________________

Employee Title

______________________________________

Date

______________________________________

Department/Location

Disclaimer: This policy is not a substitute for legal advice. If you have legal questions related to this policy, see your lawyer.

Page 2

Copyright ©2010 CBS Interactive. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/