Computer Equipment Disposal policy



The purpose of a computer equipment disposal policy is to minimize the security risks associated with equipment disposal by ensuring the secure destruction of discarded data stores. Technology equipment often contains parts which cannot simply be thrown away. Proper disposal of equipment is both environmentally responsible and often required by law. In addition, hard drives, USB drives, CD-ROMs and other storage media contain various kinds of data, some of which is considered sensitive.

A disposal policy also prevents information from being stolen by dumpster divers. Dumpster diving is the colloquial name for going through somebody's garbage, which for large organizations will usually be in dumpsters. This is a powerful tactic because it is protected by social taboos: trash is bad, and once something goes into the trash, it is best forgotten. The reality is that most company trash is fairly clean and provides a gold mine of information.

Phone lists
These help map out the power structure of the company, give possible account names, and are essential to appearing as a member of the organization.

Tapes, CD-ROMs
People forget to erase storage media, leaving sensitive data exposed. These days, dumpsters may contain a larger number of "broken" CD-Rs. The CD-ROM "burning" process is sensitive and can lead to failures, and the failed discs are simply thrown away. However, some drives can still read these discs, allowing the hacker to read a half-completed backup or other sensitive piece of information.

Hard drives
Information from broken drives can usually be recovered. It depends only upon the hacker's determination.

Solution for Dumpster Diving
To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff are educated about the danger of untracked trash. A paper shredder is a mechanical device used to cut paper into chad, typically either strips or fine particles. Government organizations, businesses, and private individuals use shredders to destroy private, confidential, or otherwise sensitive documents. Privacy experts often recommend that individuals shred bills, tax documents, credit card and bank account statements, and other items which could be used by thieves to commit fraud or identity theft.

Computer Equipment Disposal policy sample

Purpose 

1. This policy defines the guidelines for the disposal of computer equipment and components owned by the Organization.
2. To protect academic, administrative, and personal information from current and future threats by safeguarding its confidentiality, integrity and availability.
3. To establish responsibility and accountability for information technology security within the organization.
4. To encourage and support management, faculty, staff and students to maintain an appropriate level of awareness, knowledge and skill to enable them to minimize the occurrence and severity of information technology security incidents.

Scope

This policy applies to all technology equipment owned by the Organization.

Exemptions

This policy applies to everyone at all sites of the Organization. There are no exemptions.

Resources Covered by This Policy

This policy applies to any computer equipment or peripheral devices that are no longer needed in a department including, but not limited to, the following: personal computers, servers, hard drives, laptops, mainframes, smart phones, personal digital assistant (PDA) devices or handheld computers (e.g., Windows Mobile, iOS or Android-based devices), peripherals (e.g., keyboards, mice, speakers), printers, scanners, typewriters, compact and floppy discs, portable storage devices (e.g., USB drives), backup tapes, and printed materials.
 
Policy statement

1. When technology assets have reached the end of their useful life they should be sent to the local Information Technology office for proper disposal.

2. Information Technology will securely erase all storage media in accordance with current industry best practices.

3. Data, including all files and licensed software, shall be removed from equipment using disk sanitizing software that cleans the media by overwriting each and every disk sector of the machine with zero-filled blocks, meeting Department of Defense standards.

4. No computer equipment may be sold to any individual other than through the processes identified in this policy.

5. No computer equipment should be disposed of via skips, dumps, landfill etc.

6. Electronic drives must be degaussed or overwritten with a commercially available disk cleaning program. Hard drives may also be removed and rendered unreadable (drilling, crushing or other demolition methods).

7. Computer Equipment refers to desktop, laptop, tablet or netbook computers, printers, copiers, monitors, servers, handheld devices, PDAs, telephones, cell phones, disc drives or any storage device, network switches, routers, wireless access points, batteries, backup tapes, etc.

8. Place a sticker on the equipment case indicating the disk wipe has been performed. The sticker will include the date and the initials of the technician who performed the disk wipe.

9. Technology equipment with non-functioning memory or storage technology will have the memory or storage device removed and it will be physically destroyed.
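
A read-back check for the zero-fill overwrite in item 3, producing the date and technician initials that item 8 puts on the sticker. This is an added example, not part of the original policy; the function names, the 512-byte sector size and the constructed sample image are assumptions.

```python
import os
import tempfile
from datetime import date

SECTOR_SIZE = 512  # assumed logical sector size; use 4096 for 4Kn media

def find_nonzero_sectors(path, sector_size=SECTOR_SIZE, limit=10):
    """Return (sectors_read, nonzero_count, first_offenders) for a device or image."""
    chunk_size = sector_size * 2048
    zero_chunk = bytes(chunk_size)
    total = nonzero = 0
    offenders = []
    with open(path, "rb") as dev:
        while chunk := dev.read(chunk_size):
            if chunk != zero_chunk[:len(chunk)]:  # per-sector scan only if data remains
                for off in range(0, len(chunk), sector_size):
                    if any(chunk[off:off + sector_size]):
                        nonzero += 1
                        if len(offenders) < limit:
                            offenders.append(total + off // sector_size)
            total += -(-len(chunk) // sector_size)  # ceiling division
    return total, nonzero, offenders

def wipe_record(path, technician, today=None):
    """Build the wipe record: date, technician initials and the verification result."""
    total, nonzero, offenders = find_nonzero_sectors(path)
    return {
        "date": (today or date.today()).isoformat(),
        "technician": technician,
        "sectors_checked": total,
        "nonzero_sectors": nonzero,
        "first_nonzero": offenders,
        "verified": total > 0 and nonzero == 0,  # an empty read is never a pass
    }

def demo():
    """Constructed sample: a 64-sector image with leftover data in sectors 5 and 40."""
    image = bytearray(64 * SECTOR_SIZE)
    image[5 * SECTOR_SIZE:5 * SECTOR_SIZE + 9] = b"payroll.x"
    image[40 * SECTOR_SIZE + 100] = 0xFF
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "disk.img")
        with open(path, "wb") as dev:
            dev.write(image)
        before = wipe_record(path, "AB")
        with open(path, "r+b") as dev:  # stand-in for the sanitizing tool's zero-fill pass
            dev.write(bytes(len(image)))
        after = wipe_record(path, "AB")
    return before, after
```

On real hardware, pass the block device path and run with the privileges needed to read it. The check covers only the sectors the drive exposes to the host.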

Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

