S 2.112 Regulation of the transport of files and data media between home workstation and institutions

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Employee

In order to work at a home workplace, the employee must have all information required available there. Files, data media, and other documents must be transported securely when they are used at home. For this reason, the type and manner in which data media are transported between a home workplace and the organisation must be regulated. The following items should be considered and/or regulated at a minimum in this case:

Which files, data media, and documents are allowed to be transported using which transportation routes, for example via mail, courier, parcel service, etc. (see S 5.23 Selecting suitable types of dispatch for data media)?
Which safeguards must be taken during transport? This also includes the selection of suitable packaging (see also S 2.44 Secure packaging of data media). Information on digital data media should be encrypted before transportation to prevent the data from being read without authorisation.
Which files and data media are only allowed to be transported by the employee personally?

Since there are often no copies of such papers, documents, and files, the damage caused by their loss must be taken into account when selecting a suitable file exchange procedure. If possible (and allowed), copies should be made of the data media before they are transported.

All employees concerned must be informed about how files and data media must be transported and protected appropriately in so doing.

Review questions:

Are there rules governing how files, data media, and other documents must be protected during transport between a home workplace and the organisation?
Are files, data media, and other documents adequately protected against loss during transport?
Are the employees concerned informed as to how they need to transport files and data media?