Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

1. Objective

the objective of this document is to establish procedures for the implementation of the University’s Media Disposal, Destruction, and Redeployment Protocol. Primarily, these procedures explain the process of preparing media for redeployment (reassignment), as well as offering additional resources and tools for erasing data.

2. General Principles

2.1. Reasonable steps must be taken to ensure that all Business Information is rendered unrecoverable prior to reuse or disposal of the media on which it is stored.

2.2. Between the time that media containing Business Information is removed from service, and the time it is sanitized or destroyed, it must be safeguarded against loss, theft, or unauthorized access. Storage space should meet at least the same security requirements as the original usage environment.

2.3. Transfer of equipment to the Office of Equipment Management for disposal, surplus or redeployment must include certification that the media has been appropriately sanitized.

3. Procedures

The following media transfers are common at the University and each entails different sanitization methods. 

The Minimum Action listed is based on the sensitivity of the data, and on the potential for physical access to the storage media. The latter involves a distinction between “keyboard access” or ordinary usage, and “laboratory access,” i.e., methods that involve physically dismantling a device in a laboratory and examining the storage media with special equipment.

DOD 5220.22 Standard—Triple Overwrite of data with verification. Write all locations with a pattern; write with the compliment; write with a random pattern; verify.

3.1 Examples

Reconfiguration Only:  A computer or other media is reconfigured for the same individual or set of individuals; there is no change in access.

  • Risk: Computer is not accessible for laboratory attack and access permissions do not change.
  • Minimum action: Hard disks can be reformatted and a new image installed without overwriting all existing data; removable media can be reformatted and reused as appropriate.

Public Use: A computer or other media is reconfigured for continued use in a public users room.

  • Risk: Computer is not accessible for laboratory attack; users have only limited expectation of data security.
  • Minimum action: Hard disks can be reformatted and a new image installed without overwriting all existing data.

Reassignment within unit: A computer or other media is reconfigured for use by a new user within the same unit. 

  • Risk: Computer is not accessible to laboratory attack; data access privileges have changed.
  • Minimum action: Hard disk should be overwritten by software that meets the DOD 5220.22 standard for triple overwrite with verification, or ATA Secure Erase with verification. 

Redeployment: A computer or other media is transferred to a different unit within the University.

  • Risk: Data access permissions have changed; control of the physical device has passed to a new unit.
  • Minimum action: Hard disk should be overwritten by software that meets the DOD 5220.22 standard for triple overwrite with verification, or ATA Secure Erase with verification.

Surplus or Disposal: A computer or other media is designated for surplus or disposal and is leaving University control. 

  • Risk: Computer is accessible to laboratory attack; data is leaving control of the University.
  • Minimum action: Disks should be destroyed, degaussed, or overwritten by software that meets the DOD 5220.22 standard for triple overwrite with verification, or ATA Secure Erase with verification.

Warranty Exchange: A computer or other media is broken and, under warranty, must be returned for exchange.

  • Risk: Media with data is leaving control of the University; media is accessible to laboratory attack. Last Updated May 16, 2011 
  • Minimum action: Unless vendor has a contractual agreement to maintain data security, media should be degaussed before returning to vendor. Note: Degaussing of hard disks will almost certainly render the standard warranty invalid, unless a “retain your media” option has been purchased. 4. Additional Resources
  • No labels