Digital Media Sanitization Policy
Approved: August 13, 2010
Last Reviewed: 06/30/2011
Last Modified: 06/30/2011
Responsible Office: Information Technology Services
Purpose
The purpose of the Digital Media Sanitization Policy is to prevent and mitigate the risk of unauthorized disclosure of sensitive information during the transfer or disposal of digital storage media and computing devices.
Scope
This policy applies to college-owned digital media/devices that are generally used for storing or transmitting data and therefore have the capacity to contain sensitive information. Digital storage media includes but not limited to floppy disks, zip disks, DVDs, CDs, external hard drives and USB storage devices. Digital computing devices include but not limited to desktop computers, laptop computers, tablet PCs, printers, scanners and copiers.
Procedure
This procedure has been adapted for Santa Fe College from the National Institute of Standards and Technology (NIST) Special Publication 800-88 Standards for Media Sanitization.
The NIST Guidelines identifies four types of media sanitization to use with various types of storage media and devices – Disposal, Clearing, Purging and Destroying.
- Disposal involves discarding the
- Clearing makes the data on the media unreadable by normal means such as
- Purging removes the data and protects the removed data from laboratory grade attacks by means such as
- Destroying makes the media unusable by means such as disintegrating, pulverizing and
Disposing surplus digital computing devices: Computing devices declared surplus by the Property Office and sold or transferred to another entity shall be disposed in accordance with Procedure 5.7P – Tangible Personal Property Control and sanitized by a vendor under contract with the College to dispose of digital devices in compliance with this policy.
Transferring digital computing devices internally: Computing devices transferred to different departments and/or functions shall be sanitized in Information Technology Services (ITS) using the methods described below. An ITS specialist shall certify that the property has been sanitized in compliance with this policy by signing the Property Disposition form or the IT Property Disposition Form.
Disposing/recycling surplus digital storage media: Storage media considered obsolete or not needed by departments shall be sanitized using methods described below.
Media Sanitation Methods
| Media/Device | Sanitation Methods |
| Hard drives | Clear by overwriting using an approved overwriting technology or destroy by drilling |
| Magnetic tapes | Clear by overwriting using an approved overwriting technology, purge by degaussing or destroy by shredding |
| Floppies, zip disks, CDs, DVDs | Destroy by shredding or pulverizing |
| USB removable media | Clear by overwriting using an approved overwriting technology or destroy by pulverizing |
| Portable devices (i.e. PDAs, cell phones, etc.) | Clear by performing a hard reset as specified by the device manufacturer or destroy by pulverizing |
| Multi-functional printers, copiers and fax machines | Clear by performing a hard reset as specified by the device manufacturer or by using vendors under contract with the College to sanitize media/devices in compliance with this policy |
Approved Overwriting Technology
The following overwriting software has been approved for disk sanitizing at Santa Fe College. The software overwrites the entire disk, multiple times if necessary, to ensure that all data is not recoverable.
- WipeDrive 0 Pro
- Ghost GDisk 0
Related Documents:
- Procedure 7P Tangible Personal Property Control Property Inventory Control Final Disposition form
History
08/13/2010 – Approved
06/30/2011 – Revised
Information Technology Policies v20110630