PR.DS-01.227

Does your organization physically secure all removable media containing unencrypted sensitive information?

Explanation

Removable media (USB drives, external hard drives, SD cards, etc.) containing unencrypted sensitive data present a significant security risk if lost or stolen. Physical security measures such as locked drawers, safes, or secure rooms help prevent unauthorized access to these devices when not in use. Evidence of compliance could include documented physical security policies specific to removable media, photographs of secure storage locations with identifying information redacted, logs of media check-in/check-out procedures, or results from internal audits verifying proper storage of removable media containing sensitive information.

Implementation Example

Physically secure removable media containing unencrypted sensitive information, such as within locked offices or file cabinets.

ID: PR.DS-01.227

Context

Function: PR: PROTECT
Category: PR.DS: Data Security
Sub-Category: The confidentiality, integrity, and availability of data-at-rest are protected
