Data Sanitation Standard

1.0 Overview

This standard defines terms and procedures that are important for understanding the proper removal/destruction of Murray State University information.

2.0 Purpose

The purpose of this standard is to provide all users with the appropriate information to abide by the Data Sanitation Policy.

3.0 Scope

This policy applies to all Murray State University owned equipment and non-Murray State owned equipment that contains university related data.

4.0 Standard

4.1 Erasing Data and Maintaining a Usable Device (Level 1 - Secure)

• Cell Phones – Manually delete all information, such as calls made, phone numbers, then perform a full manufacturer’s reset to restore the cell phone back to its factory default settings.
• Personal Digital Assistant – Manually delete all information, then perform a manufacturer’s reset to restore the PDA to factory state.
• Routers/Switches – Perform a full manufacturer’s reset to restore the router back to its factory default settings.
• Floppies – Overwrite media by using Information Systems-approved software and validate that all data has been properly removed.
• Hard Drives – Overwrite media by using Information Systems-approved software and validate that all data has been properly removed.
• Removable Media – Overwrite media by using Information Systems-approved software and validate that all data has been properly removed.
• Zip Disks – Overwrite media by using Information Systems-approved software and validate that all data has been properly removed.
• Reel and Cassette Format Magnetic Tapes – Clear by either re-recording (overwriting) or degaussing.
• Compact Flash Drives – Overwrite media by using Information Systems-approved software and validate that all data has been properly removed.

4.2 Purging Data (Level 2 - Most Secure)

With highly confidential data it is recommended that after cleaning the device with a software-based tool, users should also use some sort of degaussing machine to give the device another layer of sanitization to ensure all data has been cleared. If this is not possible, it is recommended that they do the initial santization phase again.

5.0 Approved Software

Below are various types of data sanitizing software that Information Systems approves. This list is not complete and will change as technology does. If you would like to use any other type of software, other than the ones listed below, please get this approved by the Information Security Officer.

Windows

• Darik's Boot and Nuke
• Eraser

Macintosh

• Darik's Boot and Nuke
• Burn

Unix

• Darik's Boot and Nuke
• Wipe

6.0 Definitions

Degauss

The act of removing magnetism from a device. When applied to magnetic storage medium such as floppy disks and tapes, data is erased.

7.0 Revision History