The organization should have policies describing what controlled items are and how they should be treated from a security perspective. The policies should carefully balance security controls versus convenience. The list should include, but not be limited to, the following:
- Portable devices (e.g. tablets, laptops, notebooks).
- Mobile phones.
- Cameras (incl. phones and other devices with camera capabilities).
- Portable media (USB drives/thumb-drives, hard-disk, memory cards etc.).
- Audio recorders.
- Devices with radio capabilities (e.g. Bluetooth, WiFi).
- Wearables.
- Firearms.
