Electronic Device Transfer and Disposal Procedure
Overview
In an effort to prevent Pepperdine University's restricted and confidential information from being seen by unauthorized individuals, and a potential data breach notification letter needing the signature of your Dean or VP, Information Technology wants to remind you how to handle hard drives in computers that are being surplused, traded in, or otherwise leaving the University.
Please review the Electronic Device Transfer and Disposal Standard.
Follow this procedure to ensure all Pepperdine information is properly removed or no longer able to be retrieved from hard drives prior to disposal or trade-in.
- Keep drives to be destroyed supervised or in a locked storage cabinet at all times.
- Log all drives and storage media. Create a sufficient log of the drive you are disposing of to identify it uniquely; label the drive as "logged for disposal" with your contact information.
- Decide how you will destroy the data. You may destroy yourself using an approved method or outsource the destruction of the data using an approved method.
Have an approved service destroy the data (recommended):
- Follow the steps above and then ship any hard drives or other storage devices to Tech Central, Malibu Campus, MS4329 for secure disposal. (Recommended)
- After you log the drives sufficiently to identify them uniquely; label and deliver the drives to an outside hard drive destruction service (such as https://www.shredit.com) that keeps an accurate and complete signed and dated chain of custody log and issues a certificate of destruction for each drive; and then retain the logs/certifications for one year.
Destroy the data yourself - use ONLY one of these approved procedures.
- For Macintosh Hard Drives - the Disk Utility application has a built-in disk wiping routine (located on the Security tab). Boot off a Mac install DVD or USB key, or boot the Mac to be wiped in target disk mode; then use Disk Utility from your media or host Mac to destroy the data. This does not apply to solid state drives (SSD).
- For Windows Hard Drives - the DBAN (Darik's Boot and Nuke) freeware utility performs disk wipes. Start a computer from a DBAN disk or boot the device on PXE and choose a DBAN. Choose a short number of DBAN passes (1 pass write zeros will make data totally unrecoverable; 3 passes are overkill). DBAN does not apply to solid state drives (SSD).
- For Solid State Drives (SSD) & Flash media - Connect the SSD to a PGP host with a USB adapter on the drive directly or via Mac target mode. Use PGP to encrypt solid state drives (SSD) or flash media with a random passphrase. It's one of the few reliable ways to destroy the data on a SSD.
If you have questions about this procedure, please contact Tech Central at 310-506-4357.