Introduction

The purpose of this policy is to ensure all electronic information and licensed software are properly removed when disposing of computers with hard drives.

A large volume of electronic information is stored on computer hard disk and other electronic media throughout Corporate. Much of this information is sensitive to disclosure due to its confidentiality.

Most of the software at Corporate is licensed under special agreements which prohibit the transfer of this software outside of Corporate. This applies to all other electronic storage media including, SmartPhones, removable media such as CDs, DVDs, Universal Serial Bus (USB drives), removable media, backup disks, portable media players, diskettes, and tapes.

Unauthorized disclosure of certain information could subject Corporate to legal liability, negative publicity, monetary penalties, and the possible loss of funding. This procedure is designed to ensure information technology (IT) resources do not contain information of a confidential nature before they are transferred outside of any corporate facility for surplus or destruction. IT resources and electronic storage media will be cleaned and sanitized of all information.

Studies of disk sanitization indicate that simply deleting files from the media or formatting a hard drive is not sufficient to completely erase data so that it cannot be recovered.  Also, when you delete files in Windows by moving them into the Recycle Bin all data remains on the hard disk.

These studies generally recommend two methods for disk sanitation. First method is the destruction of the media either by physical force or by electromagnetic degaussing. However, destroying a hard drive lessens the value of the computer system for any other use.

The second method is disk sanitization by overwriting all previously stored data with a predetermined pattern of meaningless information, such as a binary pattern, its complement, and an additional third pattern. This has been detailed in the U.S. Department of Defense National Industrial Security Program Operating Manual DoD 5220.22-M.

 

Policy

Corporate staff and contractors must use approved techniques for proper sanitization (see Definitions) of hard drives and electronic storage media.

Techniques include:

1. Ensure all corporate records are properly identified and captured.
2. Overwrite hard drives utilizing Department of Defense (DoD) accepted software. Overwriting of data means replacing previously stored data on a drive or disk with a predetermined pattern of meaningless information, effectively rendering the data unrecoverable. As a minimum, a triple pass overwrite method should be used, where data is overwritten with 0s, then 1s, and then once with pseudo random data. Any system containing a hard drive or electronic storage media that has information categorized as high confidentiality must be overwritten seven times with a pattern of 0s, then 1s, and so on. A random test of hard drives should be made after overwriting.

Note:

After overwriting, the hard drive is still physically functional and can accept formatting. Therefore, the PC can be reissued and reused.

• Degauss a hard drive or storage media to randomize the magnetic domains—most likely rendering the drive or media unusable in the process. If they cannot be repaired economically or sanitized for reuse by the available tools, then the media will be degaussed and recycled following an environmentally sound process. This option, followed by physical destruction, must be used for any system containing a hard drive or electronic storage media that has information categorized as high confidentiality. If degaussing is performed “in house” at Corporate, then a random test of hard drives should be made after degaussing. Properly applied, degaussing renders any previously stored data on magnetic media unreadable by keyboard or laboratory attack.
• Physically destroy the storage media, rendering it unusable. Hard drives should be destroyed when protection cannot be reliably ensured or the technology is old or cannot be handled by the available tools. If they cannot be repaired economically or sanitized for reuse, the media will be destroyed and recycled following an environmentally sound process. Physical destruction must be accomplished to an extent that precludes any possible further use of the hard drive or storage media.
• For destruction of a CD/DVD, the most economical form of destruction is a CD/DVD shredder.
• Zip drive media, flash drives, and USB drives should be destroyed physically.

Note:

Tapes containing shared data are not to be destroyed until the appropriate retention time has passed.

 

Scope

This policy applies to all Corporate-owned hard drives and electronic storage media in all corporate facilities. All Corporate employees and contractors are responsible for the sanitization of computer systems and other electronic storage media as described by these procedures before disposal.

Failure to comply with this policy may result in disciplinary action up to and including termination.

 

Sanitization Tools

Overwriting Hard Drives

Overwriting software or hardware products exist to overwrite storage space on media with non-sensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations. The security goal of the overwriting process is to replace written data with random data. Overwriting cannot be used for media that are damaged or not writeable. The media type and size may also influence whether overwriting is a suitable sanitization method.

Acceptable tools for overwriting hard drives would securely wipe the contents (files, folders, encrypted data, swap files, Internet cache, Recycle Bin, free space, cookies, etc.) of any hard drive sufficiently enough to meet DoD standard 5220.22-M.

 

Degaussing

Degaussing of any hard drive assembly usually destroys the drive as the firmware that manages the device is also destroyed. Degaussing is exposing the magnetic media to a strong magnetic field in order to disrupt the recorded magnetic domains. A degausser is a device that generates a magnetic field used to sanitize magnetic media. Degaussers are rated based on the type (i.e., low energy or high energy) of magnetic media they can purge. Degaussers operate using either a strong permanent magnet or an electromagnetic coil. Degaussing can be an effective method for purging damaged media, for purging media with exceptionally large storage capacities, or for quickly purging diskettes. Degaussing is not effective for purging nonmagnetic media, such as optical media [compact discs (CD), digital versatile discs (DVD), etc.].

Degaussing machines for erasing magnetic media should be used at their optimum settings, and the corporate employee or contractor must adhere to the manufacturer’s instructions. Incorrect operation of the degaussing machine could leave data remaining on the hard drive.

 

CD/DVD Shredding

Optical mass storage media, including compact disks (CD, CD-RW, CD-R, CD-ROM), optical disks (DVD), and magneto-optic (MO) disks must be destroyed by pulverizing, crosscut shredding, or burning.