III-5a Media Sanitization Operating Procedure
Last Revision Date: November 30, 2009
Approval Date: November 30, 2009
Approval Authority: Case Information Security Officer
The purpose of this procedure is to establish standard methodology for the cleanup of data storage media (e.g. hard drives) in desktop, laptop, and server computer hardware prior to system decommissioning or donation.
This procedure applies to all schools, departments, employees, faculty members, and agents of Case Western Reserve University.
The desired outcome of the procedure is to provide documented assurance that any information considered "Official Use" or "Restricted" do not persist on decommissioned computer hardware or data storage media. Note that university-contracted computer recycling vendors also follow an accepted data purge procedure.
Data Preservation Considerations
Before purging data from desktops or laptop computers in key business areas (e.g. HR, Finance, etc.) contact University Counsel to determine if a litigation hold exists for any data in the referenced computer or IT system. Continue with the procedure if no hold exists.
Removal of Registration and Networking Privileges
- Look up the MAC address of each machine and ensure its network registration is removed. If there is no OS, use a bootable CD (e.g. Ubuntu) to look up the address. It is helpful to record the registered IP address.
- For Windows-based PC hardware, lookup the MAC address using the command line utility ipconfig (ipconfig /all will list the network interfaces available)
- If there is no operating system installed, obtain a copy of a Linux bootable live CD (e.g. Ubuntu or Fedora) and boot the computer. From a terminal window, type the command ifconfig (ifconfig -a to get the MAC address).
- For MacOS computers, open the Terminal application and use the Unix ifconfig command.
- Use the ITS Systems Release form to remove the registration. This is particularly important for ITS systems, which may have fixed IP addresses assigned to the MAC address.
- If the computer had been assigned special firewall rules, record the IP address and then contact the Case Help Desk to submit a request to have the firewall rules removed.
Data Purge- Intel based systems
- Download or obtain a copy of Darik's Boot and Nuke (DBAN) and burn it to a CD. An alternative utility is the Secure Erase freeware utility from CMRR. DBAN will also work for Intel-based MacOS systems.
- Boot the target computer with the DBAN CD.
- Choose the data delete option.
- The recommended cycle is 1 pass. Additional coverage may be expanded to 3 passes.
- The the computer has more than one drive, the wipe sequence must be repeated for each drive.
- External media can also be purged in this manner.
Data Purge- PPC based systems
For PPC based MacOS systems, follow these additional procedures (note this needs to be performed beforeremoval of network registration).
- Boot the MacOS system from the Case network install image (hold down "N" during startup). The computer must be registered and connected to the wired network.
- Choose the "OS X 10.5 Install Network Disk"
- After boot, do not install, but use the menu to select the Disk Utility application. With the Disk Utility, choose the target hard disk(s) and under the Erase tab, select Advanced Settings.
- Choose the 7-pass erase cycle, then click "Erase."
- This procedure can also be performed using an Apple MacOS installation CD or DVD.
- Additional details and screen shots are available from Apple.
Data Purge- failed hard drives
Failed hard drives containing Restricted information must be destroyed by a certified vendor to ensure no risk of data disclosure remains.
- Contact the Help Desk for to schedule assistance from Information Security
- Remove the hard drives from service and store in a secured location (safe, locked cabinet) until delivered to Information Security.
- Cost of hard drive shredding is to be covered by the department responsible for the data.
Data Purge- Cell phones
Cell Phone SIM cards contain significant data that needs to be purged before returning to the vendor. Use this procedure to clear cell phones and PDAs before removing from service.
- Identify the cell phone make and model. If necessary, obtain the cell phone password since some phone procedures need it before data can be purged.
- Look up the pertinent procedure for the cell phone via the site ReCellular.com for explicit directions for cell phone, blackberry, etc. data purge.
- Palm Treo devices are best reformatted according to this procedure:
- Remove the phone number: Treo 700- go to the phone and press ##350234#
- Set the mobile number and MSID values to a bogus but close to realistic phone number of '2161231234.' This prevents reuse of the original number.
- While the power is on, remove the back cover to reveal the reset button. Use the stylus to press the recessed reset button while simultaneously pressing the red "hang up" button. After releasing the buttons, you'll be prompted for the reset function.
- Return the cell phone to the communications office for reuse or donation.
MAC address: the machine access code programmed into each network card or interface which identifies a computer on the Case network.
IP address: the internet protocol address for the computer.
litigation hold: a suspension of normal data deletion processes based on the standard data lifecycle
Disk Drive Secure Erase for User Data from UCSDs Center for Magnetic Recording Research.
NIST Media Sanitization Procedures from the National Institute for Standards and Technology.
NIH Disk Sanitization Procedures from the National Institutes of Health
Data owners and department managers are responsible for ensuring that all excess IT equipment undergo data purge procedures, either preformed by University staff or by an established vendor.
The Office of University Counsel is responsible for the communication of a 'preservation notice' to principal personnel for cases of litigation hold.
Standards Review Cycle
This procedure will be reviewed every three years on the anniversary of the policy effective date, at a minimum. The standard may be reviewed on a more frequent basis depending on changes of risk exposure.