Mobile Device and Storage Media Management

2026.1

Changineers operates fully remotely. Changineers issues workforce members a company-owned laptop for business use. Endpoint security relies on the operating system’s native controls, backed by the workforce member’s responsibility to keep them configured.

Production data is held in AWS-managed services (Aurora PostgreSQL, DynamoDB, S3) and encrypted at rest by AWS KMS. Changineers does not use backup tapes or removable storage for production data.

Policy Statements

Changineers policy requires that:

(a) Confidential or critical Changineers data, as defined in the Data Classification Model, must not be stored on USB flash drives or other removable storage media.

(b) Workforce members are responsible for the security of their own computing devices, including full-disk encryption, operating system security updates, and native anti-malware and firewall protections.

(c) Access to Changineers systems from any device is mediated by Google Workspace authentication with enforced multi-factor authentication.

Controls and Procedures

Use of USB Flash Drives and External Storage

Confidential and critical Changineers data must not be stored on USB flash drives or other removable storage. Definitions of confidential and critical data are in the Data Classification and Handling Policy.

Workforce Devices

Changineers issues workforce members a company-owned laptop. Device security relies on the operating system’s native controls, backed by the workforce member keeping them configured.

Workforce members are responsible for:

  • Keeping full-disk encryption enabled (FileVault on macOS, BitLocker on Windows, LUKS on Linux).
  • Keeping the operating system’s native firewall enabled.
  • Keeping the operating system’s native anti-malware and threat-detection features enabled (XProtect and Gatekeeper on macOS, Windows Defender on Windows).
  • Applying operating system and application security updates as they are released.
  • Locking the device when unattended.

Access to Changineers systems from a workforce laptop is mediated by Google Workspace authentication with enforced multi-factor authentication, so that a compromised laptop cannot be used to access business systems without also compromising the user’s Google account.

Revision History

Date | Summary | Approved by
2020-01 | Initial revision. | James Gregory
2026-04-24 | Adopted policy with current workforce-device procedures. | James Gregory