Clay & Craft Renovations handles various types of sensitive information that must be protected throughout the lifecycle of the digital media on which it resides. Our business environment includes:
Storage of client financial information subject to privacy regulations and industry standards
Maintenance of detailed property layouts and security system specifications for high-value residences
Development of proprietary renovation techniques and designs that constitute valuable intellectual property
Documentation of smart home system configurations containing network details and access credentials
Processing of Personal Health Information (PHI) related to accessibility modifications subject to HIPAA requirements
Creation of media-rich content through our Reality Media Services division, containing detailed client property information
This policy establishes requirements for properly handling digital media (computers, hard drives, USB drives, memory cards, etc.) to protect confidential information throughout its lifecycle.
You must follow these procedures to prevent unauthorized disclosure of sensitive information and maintain compliance with regulatory requirements.
For questions regarding this policy, contact CISO/Deputy CIO at 667-556-4445 or admin@hq.clayandcraftrenovations.com.
2.1. You must never dispose of any company-owned digital media yourself. All media must be returned to the IT Department regardless of condition.
2.2. You must submit a Media Handling Request Form to the IT Department when you have media that needs to be wiped, transferred, or disposed of.
2.3. You must clearly label media containing sensitive information as “Confidential” and maintain secure custody of it at all times.
2.4. You must transport all digital media in a secure manner, using locked cases for sensitive information.
2.5. You must report lost or stolen media immediately to the Information Security Department and your manager.
2.6. You must maintain a log of digital media in your possession, including asset tags, assigned user, and information classification.
3.1. You must submit all digital media that needs to be erased to the IT Department using the Media Handling Request Form.
3.2. You must specify on the form if the media contained highly sensitive information such as client financial details, PHI, or security system configurations.
3.3. You must not attempt to sanitize company digital media yourself using software tools or physical methods.
3.4. You must wait for confirmation from the IT Department that sanitization is complete before considering the media safe for reuse or disposal.
4.1. You must request sanitized media from the IT Department at least two business days before you need it.
4.2. You must verify the media has been properly labeled with sanitization date and new assignment information before accepting it.
4.3. You must report any performance issues with reused media to the IT Department immediately.
4.4. You must not transfer reused media between departments without proper documentation and IT Department approval.
5.1. You must submit digital media for destruction when it is no longer needed or functioning properly.
5.2. You must not attempt to destroy any company digital media yourself, regardless of the condition of the media.
5.3. You must submit media for destruction using the Media Destruction Request Form available on the company intranet.
5.4. You must obtain a receipt from the IT Department confirming they have received media for destruction.
5.5. You must follow up with the IT Department if you have not received confirmation of destruction within 30 days.
6.1. To request media sanitization, reuse, or destruction:
6.2. For emergency assistance with media handling, call the IT Help Desk at ext. 4623.
6.3. The IT Department will process standard media handling requests within 5 business days of receipt.
6.4. The IT Department will provide a Certificate of Destruction for media containing sensitive information upon request.
7.1. Violations of this policy will result in disciplinary action up to and including termination of employment.
7.2. The Information Security Department and IT Asset Management are responsible for enforcing this policy.
7.3. The company will conduct regular audits of media handling procedures to ensure compliance with this policy.
7.4. This policy will be reviewed annually and updated as needed to address new technologies and regulatory requirements.