
A policy for CD burners

What should my policy be regarding CD burners in the company? They are becoming cheaper and cheaper, and more project managers are requesting this purchase. I am concerned about information leakage and software piracy.

CDs and burner devices should be handled like any other electronic media devices. Some checkpoints include:

  • Logically and physically secure the CD and burner

    Data should be logically secured to the highest degree commensurate with the sensitivity of the data. The burner units should be physically secured when not in use.

  • Information should be classified prior to burning

    In order to properly protect information assets, all information should be classified. By classifying data, business units can determine the appropriate resources needed to protect information.

  • Information must have an owner

    The information owner's responsibilities are to classify the information to assure it is properly handled.

  • CDs should be sanitized if no longer required

    Electronic media should be degaussed (electronically sanitized) or otherwise rendered unrecoverable and verified by the use of special file recovery programs. Proof of this activity is mandatory.

  • Verification

    After the media has been sanitized, the responsible technician should document the action with detailed information attached to the originator (owner) request.

  • Identification of sanitized media

    Sanitized media should be individually identified, and a method appropriate to the media should be employed to prevent accidental re-use.

  • Sanitized prior to re-use

    Any media containing sensitive information should be sanitized prior to re-use to ensure that any sensitive information resident is unretrievable.

  • Off site

    Any magnetic media sent off site (other than backup) should be sanitized prior to leaving the facility.

This was last published in September 2001
