File Storage Policy Version 1.

0
May 26, 2010

By Erik Eckel

The File Storage Policy requires that all organization data be stored and accessed only on authorized
organization-provided computers and devices. All staff, contractors, consultants, and suppliers are bound by the
terms of this policy.

Purpose
The File Storage Policy ensures that all organization information is accessed and stored only on authorized
systems. By ensuring that organization information is accessed and stored exclusively on authorized systems, the
organization can ensure that its data files and client, supplier, and other business information is properly secured
and protected from unauthorized use.
If organization data is accessed from or stored on unauthorized systems, subsequent theft or loss of those
systems places the organization's information, as well as that of its clients, suppliers, employees, and others, at
risk of significant loss. Further, unauthorized systems and devices must not be used to access or store
organization data at any time, as the improper disposal of those systems and devices may result in substantial
loss and damages. Subsequent fines and reparation costs could result, as well as civil and criminal penalties both
for the organization and the organization representative responsible for the breach, whether intention or
unintentional.

Scope
All organization executives, directors, managers, assistants, and employees, as well as all organization suppliers,
consultants, contractors, interns, volunteers, and other agents, are bound by the terms of this File Storage Policy.

Acceptable use
No organization representative shall access or store organization data of any kind in any format using an
unauthorized server, workstation, laptop, netbook, cellular telephone, or tablet computer. Neither shall any
organization representative access or store organization data of any kind in any format using an unauthorized
flash memory card, thumb drive, USB key, portable hard disk, third-party Web- or cloud-based storage service or
facility or MP3 or other music, audio, or electronic device.
The organization has implemented specific systems and carefully managed controls to protect organization data
accessed from and stored on authorized organization computers and devices. Any organization files should be
accessed directly from the organization’s servers, when appropriate. Any personal information -- including music,
photographs, email, documents, spreadsheets, presentations, databases -- stored on an organization-provided
computer’s Windows Desktops or My Documents folders will automatically be synchronized and copied to the
organization’s servers. Upon the organization representative's separation from the organization, all music,
photographs, email, documents, spreadsheets, presentations, databases, and other files stored by the user on
organization-provided computers remains the property of the organization.

Violations and penalties

All organization representatives must immediately notify the Information Technology Department manager upon
learning of any File Storage Policy violation. Although File Storage Policy violations may result in disciplinary
action leading up to and including termination of employment and civil and/or criminal prosecution under local,
state, and federal laws, the policy’s purpose is not to punish offenders but to prevent data breaches and properly
manage violations that might occur.

Page 1
Copyright ©2010 CBS Interactive. All rights reserved.
For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/
File Storage Policy

Acknowledgment of File Storage Policy

This form is used to acknowledge receipt of, and compliance with, the File Storage Policy.

Procedure
Complete the following steps:
1. Read the File Storage Policy.
2. Sign and date in the spaces provided below.
3. Return a copy of this signed document to the Information Technology department manager.

Signature
Your signature attests that you agree to the following terms:
(i) I have received and read a copy of the File Storage Policy and understand and agree to the same;
(ii) I understand and agree that I will take reasonable precautions necessary to protect all organization
systems, devices, and data from unauthorized use;
(iii) I understand and agree that all organization equipment, devices, and data remain the property of the
organization;
(iv) I understand and agree that, if I leave the organization for any reason, I shall immediately return to the
organization all systems, devices, and data that I may have received from the company that are either in
my possession or otherwise directly or indirectly under my control;
(v) I understand and agree that I will take all reasonable precautions to protect the confidentiality of all
organization equipment, devices, and data during and after my employment with the organization;
(vi) I understand and agree that I am responsible for reporting to the Information Technology department
manager any violations of the File Storage Policy.

______________________________________
Employee Signature

______________________________________
Employee Name

______________________________________
Employee Title

______________________________________
Date

______________________________________
Department/Location

Disclaimer: This policy is not a substitute for legal advice. If you have legal questions related to this policy, see your lawyer.

Page 2
Copyright ©2010 CBS Interactive. All rights reserved.
For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/