Media Sanitization Standard
The purpose of this standard to establish the methods for sanitization of media for all CSUMB devices containing protected information.
Scope
This standard applies to all CSUMB media that contain, or have contained, protected University information.
Sanitization Methods
Electronic or physical records containing protected information must be properly disposed of so that the confidential information cannot be reconstructed and retrieved.
Hard Copy Storage
Paper documents and microforms containing protected information should be destroyed.
Portable Media Devices
Cell phones and other portable media devices containing protected information should be manually erased and reset back to factory default settings.
Office Equipment
Copy machines and fax machines should be reset back to factory default settings.
Magnetic Disks
Floppies, IDE hard drives, serial ATA drives, ZIP disks, SCSI drives should be overwritten and destroyed by using university-approved and validated overwriting/destruction technologies/methods/tools.
Reel and cassette format magnetic tapes should be cleared by either re-recording (overwriting) or degaussing. Clearing a magnetic tape by re-recording (overwriting) may be impractical for most applications since the process occupies the tape transport for excessive time periods. Overwriting should be performed on a system similar to the one that originally recorded the data. For example, overwrite previously recorded classified or sensitive VHS format video signals on a comparable VHS format recorder. All portions of the magnetic tape should be overwritten one time with known non-sensitive signals.
Optical Disks
CDs and DVDs should be destroyed.
Memory
Compact flash drives or USB/memory sticks should be overwritten and destroyed by using university-approved and validated overwriting/destruction technologies/methods/tools.
For proper sanitization of other memory devices, contact your area computer technician or the campus CIO at (831) 582-4700.
Magnetic Cards
For flash cards, perform a full chip purge as per manufacturer’s data sheets.
Magnetic cards, Personal Computer Memory Card International Association (PCMCIA) cards, smart cards, and RFIDs should be overwritten and destroyed by using university-approved and validated overwriting/destruction technologies/methods/tools.
Items Not Listed Above
For electronic technologies not listed above, please contact the campus CIO at (831) 582-4700.
Roles and Responsibilities
It is the responsibility of all employees with access to protected information to adhere to these standards.
It is the responsibility of all department managers to ensure that employees in their department adhere to these standards.
Revision Control
This standard will be subject to revision in response to changes in technology, regulatory compliance, and/or CSUMB operational initiatives.
Last reviewed/updated
06/21/2019 by Chip Lenno, CIO/ISO