Current timestamp: 23/03/2025 13:34:41
AgeAlertAnonymousAppealsApplicationsApply Or RegisterArea OutlineArrow DownArrow LeftArrow RightArrow UpAutomatic DoorsBack ArrowBusinessCalendarCashArrow DownArrow LeftArrow RightArrow Down[Missing text '/SvgIcons/Symbols/Titles/icon-chrome' for 'English (United Kingdom)']ClockCloseContactDirectionsDocumentDownloadDrawDrugExpandExternal LinkFacebookFb CommentFb LikeFiletype DefaultFiletype DocFiletype PdfFiletype PptFiletype XlsFinance[Missing text '/SvgIcons/Symbols/Titles/icon-firefox' for 'English (United Kingdom)']First AidFlickrFraudGive FeedbackGlobeGuide DogHealthHearing ImpairedInduction LoopInfoInstagramIntercom[Missing text '/SvgIcons/Symbols/Titles/icon-internet-explorer' for 'English (United Kingdom)']LaptopLiftLinkedinLocal ActivityLoudspeakerLow CounterMailMapMap PinMembershipMenuMenu 2[Missing text '/SvgIcons/Symbols/Titles/icon-microsoft-edge' for 'English (United Kingdom)']Missing PeopleMobility ImpairmentNationalityNorth PointerOne Mile RadiusOverviewPagesPaper PlaneParkingPdfPhonePinterestPlayPushchairRefreshReportRequestRestart[Missing text '/SvgIcons/Symbols/Titles/icon-rotate-clockwise' for 'English (United Kingdom)']Rss[Missing text '/SvgIcons/Symbols/Titles/icon-safari' for 'English (United Kingdom)']SearchShareSign LanguageSnapchatStart AgainStatsStats And Prevention AdviceStopSubscribeTargetTattosTell Us AboutTickTumblrTwenty Four HoursTwitter LikeTwitter ReplyTwitter RetweetUploadVisually ImpairedWhatsappWheelchairWheelchair AssistedWheelchair ParkingWheelchair RampWheelchair WcYoutubeZoom InZoom Out

Leave this site

Skip to main content

Skip to main navigation

Welcome

This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.

Removable Media Policy

1. Statement of Policy

Dyfed-Powys Police ensures the controlled use of removable media devices to store and transfer information by all users who have access to information, information systems and ICT equipment for the purposes of conducting official Dyfed-Powys Police business.

This document states the Removable Media policy for Dyfed-Powys Police and is to be read in conjunction with the Removable Media Guidelines. The policy and guidelines establish the principles and working practices that are to be adopted by all users in order for data to be safely stored and transferred on removable media.

This policy ensures that the use of removable media devices is controlled in order to:

  • Enable the correct data to be made available where it is required.
  • Maintain the integrity of the data.
  • Prevent unintended or deliberate consequences to the stability of Dyfed-Powys Police systems.
  • Avoid contravention of any legislation, policies or good practice requirements.
  • Build confidence and trust in the data that is being shared between systems.
  • Maintain high standards of care in ensuring the security of sensitive information.
  • Prohibit the disclosure of information as may be necessary by law.

Applies (but not limited) to: All categories of Dyfed-Powys Police Officers and staff whether full-time, part-time, permanent, fixed term, temporary (including agency staff, associates and contractors), seconded staff and volunteers.   Polie Officers, staff and volunteers accessing and using Force assets and property must have due regard to the contents of this policy.

 

2. Policy Scope

This policy must be adhered to at all times, specifically whenever any user stores or transfers any information used by Dyfed-Powys Police to conduct official business on removable media devices.

Removable media are data storage devices capable of computer system removal without powering off the system. Removable media devices are used for backup, storage or transportation of data.

This policy does not refer to Mobile Data Devices issued to officers, there is a separate policy covering the use of these devices.

Dyfed-Powys Police recognises that there are risks associated with users accessing and handling information in order to conduct official business.

Securing data is of paramount importance – particularly in relation to the need to protect data in line with the requirements of the Data Protection Act 2018 and the UK General Data Protection Regulation.

Any loss of the ability to access information or interference with its integrity could have a significant effect on the efficient operation of Dyfed-Powys Police. It is therefore essential for the continued operation of the Force that the confidentiality, integrity and availability of all information recording systems are maintained at a level, which is appropriate to Dyfed-Powys Police requirements.

This policy and associated guidelines aim to mitigate the following risks:

  • Disclosure of information as a consequence of loss, theft or careless use of removable media devices.
  • Contamination of the Dyfed-Powys Police networks or equipment through the introduction of viruses through the transfer of data from one form of ICT equipment to another.
  • Potential sanctions against Dyfed-Powys Police or individuals imposed by the Information Commissioner’s Office as a result of information loss or misuse.
  • Potential legal action against Dyfed-Powys Police or individuals as a result of information loss or misuse.
  • Dyfed-Powys Police reputational damage as a result of information loss or misuse.

Non-compliance with this policy could have an adverse effect on the efficient operation of Dyfed-Powys Police and may result in financial loss and an inability to effectively carry out efficient functions within the Force.

A key element of the Removable Media Policy is the requirement to ensure BitLocker encryption is used when using removable media devices, particularly USB sticks. The ICT department can provide guidance on this where required.

This policy affects all categories of Dyfed-Powys Police Officers and staff, whether full-time, part-time, permanent, fixed term, temporary (including agency staff, associates and contractors),seconded staff and volunteers, specifically in relation to the use of Removable Media devices. Police Officers, staff and volunteers accessing and using Force assets and property must have due regard to the contents of this policy. 

 

3.  Powers and Policy/Legal Requirements

This policy meets organisational requirements and is compliant with control measures as recommended under the ‘Protect’ function of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, specifically ‘PR.PT-2 Removable media is protected and its use restricted according to policy’, and with recommendations provided by the National Cyber Security Centre (NCSC) in relation to the use of removable media.

The Force complies with the following legislation and all other legislation as appropriate, including, but not limited to:

  • Computer Misuse Act 1990
  • Data Protection Act 2018
  • UK General Data Protection Regulation
  • Human Rights Act 1998
  • Official Secrets Act 1989
  • Electronic Communications Act 2000
  • Regulation of Investigatory Powers Act 2000 (RIPA)
  • Freedom of Information Act 2000

Related policies, standards, procedures, practices, include, but are not limited to:

  • Dyfed-Powys Police Information Security Policy and Associated Standards
  • Dyfed-Powys Cyber Security Policy
  • Dyfed-Powys Police Data Protection Policy
  • Dyfed-Powys Police Technical Support Unit Guidance: DPP Guidance in the use of USB Drives for Digital CCTV Retrieval

 

4.  Options and Contingencies

Policy Owner: The policy is owned by the Head of ICT who is responsible for regularly monitoring the policy for its effectiveness, challenges to the policy, any changes to NIST/NCSC guidance, and any inefficiencies in relation to the implementation of this policy.

Approval Process: Approval of decisions regarding the implementation of the policy are made by the Information Assurance Board.

The Removable Media Guidelines: These guidelines identify the procedures and processes in relation to the use of Removable Media.

The procedures and processes identified within the Removable Media Guidelines are applicable to all police officers and police staff who are involved in any aspects of the use of Removable Media within Dyfed Powys Police.  Referral to supervisors and managers for advice and guidance will be sought where deemed appropriate.

The following Code of Ethics principles are relevant to this policy:

  • Couarge 
  • Respect and Empathy 
  • Public Service 

 

5.  Take action and review

Reports via the Workstream Tracker system in relation to the use of removable media are used to quantify issues relating to the use of removable media.

The ICT Department carries out Protective Monitoring across the Force network which can highlight issues relating to the usage of removable media devices and this is used to highlight any failure in the processes and procedures outlined in the Removable Media Guidelines.

As part of the Force’s Protective Monitoring capability, the ICT Department is presented with alerts from the National Management Centre (NMC), further supporting ICT in the monitoring of removable media improper usage.

Any significant failures within the procedures contained within the Removable Media Guidelines are referred for consideration to ICT Management.

Guidance and recommendations from relevant organisations, including NIST and NCSC, are considered when reviewing and updating this policy.

 

CODE OF ETHICS CERTIFICATE OF COMPLIANCE

This policy has been drafted in accordance with the Code of Ethics and has been reviewed on the basis of its content and the supporting evidence and it is deemed compliant with that Code and the principles underpinning it.

 

HUMAN RIGHTS ACT CERTIFICATE OF COMPLIANCE

This policy has been drafted in accordance with the Human Rights Act and has been reviewed on the basis of its content and the supporting evidence and it is deemed compliant with that Act and the principles underpinning it.

 

EQUALITY IMPACT ASSESSMENT

Section 4 of the Equality Act 2010 sets out the protected characteristics that qualify for protection under the Act as follows: Age; Disability; Gender Reassignment; Marriage and Civil Partnership; Pregnancy and Maternity; Race; Religion or Belief; Sex; Sexual Orientation.

The public sector equality duty places a proactive legal requirement on public bodies to have regard, in the exercise of their functions, to the need to:

  • eliminate discrimination, harassment, victimisation, and any other conduct that is unlawful under the Act;
  • advance equality of opportunity between persons who share a relevant protected characteristic and persons who do not share it;
  • foster good relations between persons who share a relevant protected characteristic and persons who do not share it.

The equality duty applies to all protected characteristics with the exception of Marriage and Civil Partnership, to which only the duty to have regard to the need to eliminate discrimination applies.

Carrying out an equality impact assessment involves systematically assessing the likely or actual effects of policies on people in respect of all the protected characteristics set out above. An equality impact assessment should be carried out on any policy that is relevant to the public sector equality duty. 

EQUALITY IMPACT ASSESSMENT COMPLETED: January 2025