Electronic Device Transfer and Disposal Procedure
In an effort to prevent Pepperdine University restricted and confidential information from being seen by unauthorized individuals, and a potential data breach notification letter needing the signature of your Dean or VP, Information Technology wants to remind you how to handle hard drives in computers that are being surplused, traded in, or otherwise leaving the University.
Please review the Electronic Device Transfer and Disposal Standard on this web page: http://community.pepperdine.edu/it/security/policies/disposal.htm
Follow this procedure to ensure all Pepperdine information is properly removed or no longer able to be retrieved from hard drives prior to disposal or trade-in.
- Keep drives to be destroyed supervised or in locked storage cabinet at all times.
- Log all drives and storage media - create a log of the drive you are disposing sufficient to identify it uniquely; label the drive as "logged for disposal" with your contact information.
- Decide how you will destroy the data - You may destroy yourself using an approved method or outsource the destruction of the data using an approved method.
Have an approved service destroy the data (recommended):
- Follw the steps above and then ship any hard drives or other storage devices to Anytime Support, Malibu Campus, MS4329 for secure disposal. (Recommended)
- After you log the drives sufficient to identify them uniquely; label and deliver the drives to an outside hard drive destruction service (such as http://www.shredit.com) that keeps an accurate and complete signed and dated chain of custody log and issues a certificate of destruction for each drive; and then retain the logs/certifications for one year.
Destroy the data yourself - use ONLY one of these approved procedures.
- For Macintosh Hard Drives - the Disk Utility application has a built-in disk wiping routine (located on the Security tab). Boot off a Mac install DVD or USB key or boot the Mac to be wiped in target disk mode; then use Disk Utility from your media or host Mac to destroy the data. This does not apply to solid state drives (SSD).
- For Windows Hard Drives - the DBAN (Darik's Boot and Nuke) freeware utility performs disk wipes. Start a computer from a DBAN disk or boot the device on PXE and choose a DBAN. Choose a short number of DBAN passes (1 pass write zeros will make data totally unrecoverable; 3 passes are overkill). DBAN does not apply to solid state drives (SSD).
- For Solid State Drives (SSD) & Flash media - Connect the SSD to a PGP host with a USB adapter on the drive directly or via Mac target mode. Use PGP to encrypt solid state drives (SSD) or flash media with a random passphrase. It's one of the few reliable ways to destroy the data on a SSD.
If you have questions about this procedure, please contact Anytime Support at extension 4329.