Scope
Define the procedure for destroying data on electronic devices, including the control of material for destruction.
This procedure provides direction for destroying data so that it cannot be recovered through commercial means. It is not designed to prevent data recovery through highly sophisticated and expensive forensics.
Definitions
Sanitization – eradicating all data on a device so that it cannot be restored through off-the-shelf software
Successful Overwrite – when all data has been overwritten with a random pattern of 0’s and 1’s and cannot be recovered through normal means.
Verification – the act of auditing the overwrite of a drive to ensure no data can be identified.
National Institute of Standards and Technology's (NIST) Special Publication 800-88: Guidelines for Media Sanitization - has become the real-world reference for data erasure compliance. Originally issued in 2006 and revised in 2012, SP 800-88 spells out preferred methodologies for wiping hard drives and other media under Minimum Sanitization. These methods include both overwriting and Secure Erase, a command set built into the hard drive. This document has replaced the DoD standard in terms of regulatory and certification practice.
Responsibilities
Manager – responsible for establishing policies and procedures to ensure accountability and successful data destruction practices
Employees – oversee the storage and eradication of data to ensure successful data destruction
PC Technician – executes the procedure to remove, track, and overwrite devices
Procedure Instructions or Details
Data destruction will be performed in accordance with the NIST 800-88 publication on media sanitization.
Media must be sanitized (purged) or destroyed in accordance with NIST 800-88.
All media leaving the facility without having been destroyed or wiped must follow the chain-of-custody procedures listed below.
Review Customer requirements and execute data destruction accordingly.
All data storage media potentially containing customer data will be secured once received. This includes media waiting to be sanitized, media that failed software sanitization, and media that has not yet been verified through quality assurance.
Remove all hard drives and media from equipment.
Storage
All data containing devices must be stored in an enclosed and secured area. Only authorized personnel will be allowed within these areas. When no personnel are operating in an area, the area must be locked at all times.
Data-containing devices, whether awaiting processing or already processed, will be stored in appropriately labeled locations: ready for evaluation, ready for wipe, ready for testing, R2/ready for resale, tested passed, and ready for recycling.
Software for Hard Drives
Usable Hard Drives (any HDD with market value of $5.00 or more)
Hard drives are wiped and tested by using WipeOS.
Security Erase/Enhanced Security Erase Mode:
The Enhanced Security Erase mode writes predetermined data patterns to all user data areas, including sectors that are no longer in use due to re-allocation.
This mode erases data from the drive with a procedure that complies with the NIST 800-88 guidelines.
Erase: As part of the in-house testing software suite, “Triage”, WipeOS will automatically run through the network and detect any connected device with drives. Any hard drives that fail Security Erase/Enhanced Security Erase will be sent to the next processing step.
All hard drives that fail the testing and/or wiping process will be sent for in-house dismantling.
The HDD controller board shall be removed, and the HDD without its board will be shredded and sent to recycling as aluminum breakage.
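The Enhanced Security Erase step above depends on the drive actually supporting the ATA command and accepting it. The following is an added example, not WipeOS or any code from this procedure: it parses the “Security:” block that the Linux hdparm tool prints for `hdparm -I`, decides whether the drive goes to Enhanced Security Erase or to the next processing step, and builds the two hdparm command lines a technician would run. The sample hdparm output, the three disposition names, the handling of frozen/locked drives (hdparm reports both states; a frozen drive rejects security commands until power-cycled) and the placeholder device name are assumptions made for the example.

```python
"""
Decide, from `hdparm -I` output, whether a drive can be sanitized with ATA
ENHANCED SECURITY ERASE UNIT or must go to the next processing step.
Added example; hdparm's "Security:" layout is taken from the constructed
sample below, and the dispositions are this example's own convention.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SecurityState:
    supported: bool = False        # ATA Security feature set present
    enabled: bool = False          # a user password is currently set
    locked: bool = False           # drive refuses I/O until unlocked
    frozen: bool = False           # drive refuses security commands until power-cycled
    enhanced_erase: bool = False   # ENHANCED SECURITY ERASE UNIT supported
    erase_minutes: Optional[int] = None
    enhanced_erase_minutes: Optional[int] = None


_TIME_RE = re.compile(r"(\d+)\s*min for (ENHANCED )?SECURITY ERASE UNIT")


def parse_security_section(hdparm_output: str) -> SecurityState:
    """Parse the indented 'Security:' block; hdparm prints 'not' before a flag that is off."""
    state = SecurityState()
    in_section = False
    for raw in hdparm_output.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith("Security:")
            continue
        if not line:
            continue
        if not raw[0].isspace():           # next top-level section ends the block
            break
        negated = re.match(r"not\b", line) is not None
        body = line[3:].strip() if negated else line
        if body == "supported":
            state.supported = not negated
        elif body == "enabled":
            state.enabled = not negated
        elif body == "locked":
            state.locked = not negated
        elif body == "frozen":
            state.frozen = not negated
        elif body == "supported: enhanced erase":
            state.enhanced_erase = not negated
        else:                               # e.g. "2min for SECURITY ERASE UNIT. 2min for ENHANCED ..."
            for m in _TIME_RE.finditer(line):
                if m.group(2):
                    state.enhanced_erase_minutes = int(m.group(1))
                else:
                    state.erase_minutes = int(m.group(1))
    return state


ENHANCED_ERASE = "enhanced-erase"   # run Enhanced Security Erase, then verify
HOLD = "hold"                       # technician review: drive is frozen or locked
DISMANTLE = "dismantle"             # cannot run Enhanced Security Erase: next step is in-house dismantling


def disposition(state: SecurityState) -> str:
    """Map the parsed state onto the procedure's next step (disposition names are an assumption)."""
    if not (state.supported and state.enhanced_erase):
        return DISMANTLE
    if state.frozen or state.locked:
        return HOLD
    return ENHANCED_ERASE


def erase_commands(device: str, password: str = "p") -> List[str]:
    """The hdparm invocations for an enhanced erase; built as strings, not executed here."""
    return [
        f"hdparm --user-master u --security-set-pass {password} {device}",
        f"hdparm --user-master u --security-erase-enhanced {password} {device}",
    ]


# Constructed sample of `hdparm -I /dev/sdX` (abridged); not output from a real drive.
SAMPLE_HDPARM_I = """\
/dev/sdX:

ATA device, with non-removable media
\tModel Number:       CONSTRUCTED-SAMPLE-DRIVE
Security: 
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\tnot\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT. 
Checksum: correct
"""
FROZEN_SAMPLE = SAMPLE_HDPARM_I.replace("\tnot\tfrozen", "\t\tfrozen")
NO_ENHANCED_SAMPLE = SAMPLE_HDPARM_I.replace("\t\tsupported: enhanced erase\n", "")

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_HDPARM_I), ("frozen", FROZEN_SAMPLE), ("no-enhanced", NO_ENHANCED_SAMPLE)):
        st = parse_security_section(text)
        print(name, disposition(st), st.enhanced_erase_minutes)
    print("\n".join(erase_commands("/dev/sdX")))
```

The parsed erase-time estimate is worth recording alongside the disposition: a drive that returns from the erase command far sooner than its own estimate is a candidate for the independent verification sample rather than a green label.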
Equipment for Physical Destruction
Consult the NSA/CSS Evaluated Products Lists for recommended models which meet the requirements of NIST 800-88.
Hard Drives
Includes drives not meeting minimum requirements and drives not successfully overwritten by data destruction software.
Shred
The shredding procedure may be bypassed if the material is sent to an approved vendor for data destruction and the secure shipping instructions are followed.
Compact Discs (CDs) and DVDs
Manufacturer's CDs or DVDs containing software or drivers do not require destruction.
A cross-cut media shredder may be used to destroy optical discs.
Layers of DVDs must be separated before shredding.
Customer Paper Documents
Destroy in a cross-cut shredder.
Solid State Media
Includes flash drives, camera cards, SIM cards, solid state hard drives, etc.
Remove outer casing
Find storage chips and smash with a hammer or cut into multiple pieces.
Floppy Disks/Zip Disks – must be shredded.
Magnetic Tapes - Must be degaussed or shredded.
Other Equipment – refer to NIST's Guidelines for Media Sanitization – Special Publication 800-88 Revision 1, December 2014.
Outside Vendor Data Destruction
The facility must be approved for Data Destruction operations per Downstream Vendor Qualifications.
Secure Shipping requirements listed in procedure must be followed for shipping of any data containing devices.
Vendors' records of validations and verifications must be obtained.
Witness Destruction
The witnessed destruction of data containing devices can be completed by vendors approved for Data Destruction. The following steps must be followed.
Secure shipping must be maintained by a designated employee. The designated employee must accompany the shipment to the destruction destination. The shipment should be secured via a locking device/seal while on the truck to the destination.
The employee must accompany the shipment until all the steps of the destruction process are completed.
After witnessing the data destruction, the employee will certify he/she witnessed the data destruction process.
Records must be submitted to the facility manager and kept for a minimum of 3 years.
Labeling
Equipment successfully sanitized will be labeled with a green circle sticker.
Equipment that cannot be successfully sanitized will be labeled with a red circle sticker on the device.
Independent Verification
5% of hard drives and other media will be randomly selected for verification. An independent party will evaluate the data destruction procedures and verify that wiped and physically destroyed media are unrecoverable.
Drives/Media will be shipped to a qualified independent party for verification purposes.
The Verification Party will attempt to recover data from the drives/media using current technology such as data recovery software and follow the NIST 800-88 Guidelines for verification of data destruction.
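Verification, as defined at the top of this procedure, means auditing the overwrite so that no data can be identified. The following is an added example, not WipeOS, a NIST tool or the verification party's method: it reads sampled sectors from a drive image, flags any sector that still looks like recoverable data (a file-system or file signature, a boot signature, printable text, or low-entropy structured bytes), and produces a pass/fail record with the green/red label from the Labeling section. Uniform sectors (all 0x00, all 0xFF, or any single repeated byte) are treated as an overwrite pattern. The sector sample fraction, the signature list, the entropy threshold, the asset-tag names and the Data Validation Log column names are assumptions; the two drive images are constructed in memory.

```python
"""
Sector-sampling verifier for a wiped drive image. Added example, not part of
the procedure or of WipeOS. Works on a bytes object; on a real audit the same
functions would be fed sectors read from the block device or an image file.
"""
import math
import random
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SECTOR_SIZE = 512
LOW_ENTROPY_BITS = 6.0     # random fill scores ~7.6 bits/byte per 512-byte sector; text ~4.5 (assumed threshold)
PRINTABLE_RATIO = 0.90

# Signatures anchored at sector start. Constructed, illustrative list, not exhaustive.
START_SIGNATURES = [
    (b"\xeb\x52\x90NTFS    ", "NTFS boot sector"),
    (b"%PDF-", "PDF header"),
    (b"PK\x03\x04", "ZIP/Office container"),
    (b"\xff\xd8\xff", "JPEG header"),
    (b"-----BEGIN ", "PEM key or certificate"),
]


def shannon_entropy(block: bytes) -> float:
    """Bits per byte of the empirical byte distribution in block."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_sector(block: bytes) -> Optional[str]:
    """Return a reason if the sector looks like surviving data, else None (sector passes)."""
    if len(set(block)) == 1:
        return None                                   # uniform fill pattern counts as overwritten
    for sig, name in START_SIGNATURES:
        if block.startswith(sig):
            return name
    # x86 boot sectors begin with a jump (EB/E9) and end with 55 AA; both required to avoid random hits
    if len(block) >= 512 and block[0] in (0xEB, 0xE9) and block[510:512] == b"\x55\xaa":
        return "boot signature 0x55AA at offset 510"
    printable = sum(1 for b in block if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(block) >= PRINTABLE_RATIO:
        return "printable text"
    ent = shannon_entropy(block)
    if ent < LOW_ENTROPY_BITS:
        return f"low entropy ({ent:.2f} bits/byte)"
    return None


@dataclass
class VerificationResult:
    total_sectors: int
    sampled_lbas: List[int]
    findings: List[Tuple[int, str]] = field(default_factory=list)

    @property
    def passed(self) -> bool:
        return not self.findings

    @property
    def label(self) -> str:
        return "green circle" if self.passed else "red circle"   # Labeling section of the procedure


def choose_lbas(total_sectors: int, sample_fraction: float, seed: int) -> List[int]:
    """First and last sector always, plus a seeded random sample up to sample_fraction of all sectors."""
    fixed = {0, total_sectors - 1}
    rng = random.Random(seed)
    pool = [lba for lba in range(total_sectors) if lba not in fixed]
    k = max(0, int(total_sectors * sample_fraction) - len(fixed))
    return sorted(fixed | set(rng.sample(pool, min(k, len(pool)))))


def verify_image(image: bytes, sample_fraction: float = 0.05, seed: int = 0) -> VerificationResult:
    total = len(image) // SECTOR_SIZE
    result = VerificationResult(total_sectors=total, sampled_lbas=choose_lbas(total, sample_fraction, seed))
    for lba in result.sampled_lbas:
        reason = classify_sector(image[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE])
        if reason:
            result.findings.append((lba, reason))
    return result


def validation_log_entry(asset_tag: str, result: VerificationResult) -> dict:
    """Row for the Data Validation Log (8.1.6.7-F); the column names are an assumption."""
    return {
        "asset_tag": asset_tag,
        "sectors_total": result.total_sectors,
        "sectors_sampled": len(result.sampled_lbas),
        "findings": [f"LBA {lba}: {why}" for lba, why in result.findings],
        "result": "PASS" if result.passed else "FAIL",
        "label": result.label,
    }


# ---- constructed sample images (64 sectors each), not real drives ----
def _random_image(sectors: int, seed: int) -> bytearray:
    rng = random.Random(seed)
    return bytearray(rng.getrandbits(8) for _ in range(sectors * SECTOR_SIZE))


WIPED_IMAGE = bytes(_random_image(64, seed=1))              # fully overwritten with a random pattern
_dirty = _random_image(64, seed=1)
_boot = bytearray(SECTOR_SIZE)
_boot[:11] = b"\xeb\x52\x90NTFS    "
_boot[510:512] = b"\x55\xaa"
_dirty[0:SECTOR_SIZE] = _boot                                # an NTFS boot sector survived at LBA 0
_dirty[10 * SECTOR_SIZE:11 * SECTOR_SIZE] = b"Customer invoice (constructed sample text)\n".ljust(SECTOR_SIZE, b" ")
NOT_WIPED_IMAGE = bytes(_dirty)

if __name__ == "__main__":
    for tag, img in (("HDD-0001", WIPED_IMAGE), ("HDD-0002", NOT_WIPED_IMAGE)):
        print(validation_log_entry(tag, verify_image(img, sample_fraction=1.0)))
```

Sampling keeps the audit fast on large drives, but sector 0 and the last sector are always read because that is where partition tables and backup GPT headers survive a failed wipe; a full scan (sample_fraction=1.0) is the right setting when a drive is being graded red or green for resale.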
Secure Shipping
LTL or Small Package Shipping
If media is shipped to another facility or Approved Data Destruction Vendor without first being wiped or destroyed, then the following chain of custody procedures will apply to the shipment(s).
Media will be packaged appropriately.
The box will be sealed with tamper-proof tape, and the seal will be initialed and dated by the person packaging the equipment.
The box will only have the destination address and point of contact. No other labels with reference to the contents or customer will be visible on the outer box.
Media will be shipped with recipient signature required. Tracking will be established to notify the sender and recipient of delivery.
Sender will track the package daily to ensure delivery to the proper location and person. Sender will contact the receiver to verify the physical receipt.
Truckload Shipping
If media or equipment is shipped to another facility or Approved Data Destruction Vendor without first being wiped or destroyed via truckload, then the following chain of custody procedures will apply to the shipment(s).
Upon loading, shipping personnel will document the material shipped on the BOL (bill of lading). Upon completion of the load, shipping will close the trailer door and seal the truck.
Seal number will be written on shipping paperwork as “shipped seal number”.
Truck must be tracked to delivery.
Upon delivery, the seal number on arrival must be obtained from the receiver and documented on the shipping paperwork as “received seal number”.
Data Breach Steps/Notifications
Management Data Breach Notification to Customer
Management will report through written documentation, following discovery and without unreasonable delay, to the customer any release of, or unauthorized access to, the customer's confidential material that poses a threat to the security or confidentiality of that information. The initial written report should be submitted within 5 days of discovery of the breach and shall include the following:
To the extent possible, a description of the material that was breached and a brief description of how it was breached.
A brief description of the investigation of the breach, of the steps taken to mitigate harm to those affected, and of the corrective actions taken to protect against further breaches.
Training
All employees involved in Data Destruction procedures will be trained prior to working with data and annually on procedure.
Procedure
Receiving
When receiving inbound materials, inbound personnel shall verify that the seal matches the BOL and/or inbound paperwork.
Once the documents and seal number have been confirmed, the seal can be cut.
Data-containing material will then be weighed and inventoried, and the weight verified against the packing list provided by the customer, if available.
Any discrepancy must be reported to the manager or the customer's account holder.
Storage
Once material is weighed, photographed, and tagged, it will be transported to a high-security enclosed area for storage until the next processing step.
Shipping
If media is shipped to another facility or Approved Data Destruction Vendor without first being wiped or destroyed, then the following chain of custody procedures will apply to the shipment(s).
Media will be packaged appropriately.
The box will be sealed with tamper-proof tape, and the seal will be initialed and dated by the person packaging the equipment.
The box will only have the destination address and point of contact. No other labels with reference to the contents or customer will be visible on the outer box.
Media will be shipped with recipient signature required. Tracking will be established to notify the sender and recipient of delivery.
Sender will track the package daily to ensure delivery to the proper location and person. Sender will contact the receiver to verify the physical receipt.
Related and Supporting Documents
8.1.6.7-F Data Validation Log
Document Revision History
Rev. Description of Change Date By
0 New 03/07/22 C.Vo
8.1.6.1-P Data Destruction Procedure - Rev.0