Sidebar: Best Practices for Data Destruction
Computerworld -
Here's a summary of best practices used by Vince Tuesday when using an IT equipment disposal vendor to ensure complete destruction of all data. Tuesday (not his real name) is a security manager at a large financial services company and a former contributor to Computerworld's Security Manager's Journal.
Physical Disposal Practices
- Items to be removed from site are placed in a storage area within the organization's IT premises.
- Removable drives are checked, asset tags are scanned, and a report of the assets to be removed is generated for final checking and audit-trail purposes.
- Once the report is signed off on, items are removed from the site. Specific security guidelines for transportation are enforced, such as providing access to known, registered personnel only; conducting security checks on courier staff; using unmarked vans and specifying that vans may not be left unattended or unlocked; and so on.
- When arriving at the supplier's facility, the assets are booked into the supplier's system. A report is sent immediately for comparison with the removal report to ensure that all assets were received.
- Prior to processing, equipment is held separately from that of other customers.
- Company tags are removed during processing, before disposal or resale.
- Unannounced inspections of the supplier's premises are permitted in the contract.
Data Sanitization Practices
- Data is wiped using a DOD three-pass algorithm with software certified by authorities such as the British Communications Electronic Security Group (baseline and enhanced), U.S. Department of Defense (DOD 5220.22-M) plus other international standards. This service is used on servers (Unix and Intel-based), disc arrays, laptops, desktops and PDAs.
- When the disk can't be accessed, it is removed and and then drilled in order to destroy it. The system unit is then recycled as component spares.
- If removable media is found, it is offered to the customer for secure return or destruction.
- On completion of data erasure, a certificate (per batch) is provided to the customer.
- Printers and faxes have their memories purged using setup menus (or via a disk erasure utility, if it has a hard disk).
- Mobile phones are wiped by checking for SIM cards (and returning if found) and erasing via menus.
Read more about hardware in Computerworld's Hardware Knowledge Center.
Hardware
Additional Resources



White Papers & Webcasts
Oracle Accelerate - Not Just Smart but Timely
Download Now!
Why BI is Ripe - Now! - For Businesses of Any Size
Download Now!
Customer Video: HP Pelzer
Watch Now
3 Minutes with Free Tool Can Save Thousands!
Watch Now!
Faster, Cheaper and Easier to Maintain
Can you afford not to upgrade your servers to today's advanced, energy-efficient technologies?
Data in Action: Making the Planet Smarter
Register Now
Quantifying the Business Value of VMware View
Learn why you should invest in a centralized virtual desktop.

