Information Technology

Media Sanitization Standard

The purpose of this standard to establish the methods for sanitization of media for all CSUMB devices containing protected information.

Scope

This standard applies to all CSUMB media that contain, or have contained, protected University information.

Sanitization Methods

Electronic or physical records containing protected information must be properly disposed of so that the confidential information cannot be reconstructed and retrieved.

Hard Copy Storage

Paper documents and microforms containing protected information should be destroyed.

Portable Media Devices

Cell phones and other portable media devices containing protected information should be manually erased and reset back to factory default settings.

Office Equipment

Copy machines and fax machines should be reset back to factory default settings.

Magnetic Disks

Floppies, IDE hard drives, serial ATA drives, ZIP disks, SCSI drives should be overwritten and destroyed by using university-approved and validated overwriting/destruction technologies/methods/tools.

Reel and cassette format magnetic tapes should be cleared by either re-recording (overwriting) or degaussing. Clearing a magnetic tape by re-recording (overwriting) may be impractical for most applications since the process occupies the tape transport for excessive time periods. Overwriting should be performed on a system similar to the one that originally recorded the data. For example, overwrite previously recorded classified or sensitive VHS format video signals on a comparable VHS format recorder. All portions of the magnetic tape should be overwritten one time with known non-sensitive signals.

Optical Disks

CDs and DVDs should be destroyed.

Memory

Compact flash drives or USB/memory sticks should be overwritten and destroyed by using university-approved and validated overwriting/destruction technologies/methods/tools.

For proper sanitization of other memory devices, contact your area computer technician or the campus CIO at (831) 582-4700.

Magnetic Cards

For flash cards, perform a full chip purge as per manufacturer’s data sheets.

Magnetic cards, Personal Computer Memory Card International Association (PCMCIA) cards, smart cards, and RFIDs should be overwritten and destroyed by using university-approved and validated overwriting/destruction technologies/methods/tools.

Items Not Listed Above

For electronic technologies not listed above, please contact the campus CIO at (831) 582-4700.

Roles and Responsibilities

It is the responsibility of all employees with access to protected information to adhere to these standards.

It is the responsibility of all department managers to ensure that employees in their department adhere to these standards.

Revision Control

This standard will be subject to revision in response to changes in technology, regulatory compliance, and/or CSUMB operational initiatives.

Last reviewed/updated

06/21/2019 by Chip Lenno, CIO/ISO