OUHSC Information Technology Department



Electronic Media Sanitization Guidelines

 

All University information systems and electronic media must be disposed of properly when no longer needed or before reuse. Disposal must meet the OUHSC Electronic Disposal and Reuse Standard.

To comply with policy, information systems and electronic media must be sanitized in accordance with NIST SP 800-88 Rev. 1.

 

Media sanitization is to be done when:

  • Information systems are no longer needed
  • Information systems are pending GreenSafe pickup
  • Information systems are assigned to a new user/purpose
  • Information systems are compromised by malware

 

***In order to comply with federal regulated data requirements, destruction records are to be maintained for a minimum of 6 years.***

 

It is critical that Tier 1s maintain a record of each sanitization, documenting what media were sanitized, when and how they were sanitized, and the final disposition of the media. Your records can be stored on paper or digitally on a network share. YOU ARE RESPONSIBLE FOR MAINTAINING YOUR RECORDS OF DESTRUCTION!

 

Note: A copy of the Certificate of Destruction must be provided to IT Security for any information system being decommissioned that has undergone a Risk Assessment OR any information system compromised by malware.

 

 

Active@ KillDisk

 

Campus IT has purchased a site-licensed copy of Active@ KillDisk and made it available to Tier 1s at \\isi-okc\public\KillDisk. When sanitization completes, Active@ KillDisk provides a certificate of destruction that must be retained for your records.

 

Information systems and electronic media sanitized with Active@ KillDisk must be erased using the US DoD 5220.22-M (ECE) 7-pass erase method.

 

With the US DoD 5220.22-M (ECE) 7-pass erase method, the write head passes over each sector seven times (0x00, 0xFF, Random, 0x96, 0x00, 0xFF, Random). A final pass then reads the sectors back to verify the random characters.

  

When sanitization completes, Active@ KillDisk provides a certificate of destruction. Two copies of the certificate of destruction must be maintained: one attached to the sanitized information system AND one kept for records.

 

Detailed instructions on preparing a bootable CD, DVD, Blu-ray or USB storage device that you can use to destroy all data on the hard drives, along with troubleshooting advice, can be found at \\isi-okc\public\KillDisk\KillDisk User Guide.

 

 

Destruction by Drilling

 

Hard drives and electronic media that cannot be sanitized by Active@ KillDisk can be destroyed by drilling.

 

Information systems and electronic media sanitized using the destruction by drilling method must adhere to the following requirements:  

  • At least three holes are to be drilled
  • The holes are to be drilled through the platters and controller board
  • The holes are to be drilled through both sides of the drive
  • Digital images of the drive (including serial number) and of the holes drilled are to be captured as evidence of securely destroying the data
  • A destruction form is to be completed and maintained by the Tier 1 for a minimum of six years 

 

 

For any questions concerning media sanitization, contact IT Security at (405)-271-2476 or ITSecurity@ouhsc.edu.