Data destruction control procedure
Defining our approach to the destruction of data and data processing equipment.
Information about how we destroy data securely
Policy statement
This control procedure directly supports the following policy statement from the Information Security Policy:
“All assets (information, software, electronic information processing equipment, service utilities and people) will be documented and accounted for. Owners will be identified for all assets and they will be responsible for the maintenance and protection of their assets.”
Audience
This procedure is intended to be read and understood by any users responsible for arranging the disposal or destruction of information assets. It is of particular relevance to IT and digital staff and Information Asset Owners and Managers.
Control statements
Regular Disposal of Data
Information should be reviewed and disposed of regularly, in line with our retention and disposal schedule. This is maintained by the Records Manager.
Return of Assets
All users should return all University assets in their possession upon termination of their employment, contract or agreement. It is not permitted to pass or swap any University equipment or accessories between users.
It is the responsibility of Information Asset Owners to ensure that assets falling under their control are handled in line with this procedure.
In cases where a user uses their own personal equipment, the mobile and remote access procedure should be followed to ensure that all relevant information is transferred to the University and securely erased from the equipment.
Disposal of Data and Data Processing Equipment
Due to the lack of segregation in the University network, it should be assumed that any network-connected device, or any unconnected device that has processed University data, has held SENSITIVE data according to the information classification scheme used by the University. This means that physical equipment needs to be disposed of in a secure manner.
The only way to permanently destroy data, without physically destroying the media, is to overwrite the data multiple times, generating and recording random characters across the entire surface of the drive, resulting in complete data destruction and resetting of file sizes to zero. There are a number of overwriting standards, but the current recognised UK standard is HMG IS 5 Enhanced.
Secure disposal of I.T. equipment and data-bearing assets through the procured contract is currently undertaken by DTP, with the contract managed by the IT & Digital Team. DTP’s testing, auditing, and wiping software is called Aiken workbench. Aiken is ADISA certified.
Secure disposal for I.T. equipment and data-bearing assets outside the main IT contract is currently undertaken by Stone Technologies, with the contract managed by the External Facilities Team. Stone Technologies uses Blancco overwriting software, which is certified by the National Cyber Security Centre. Stone Technologies is ADISA 8.0 accredited (expires 2026), certification number AAC012.
Secure disposal of Apple equipment is currently undertaken by Academia, with the contract managed by the IT & Digital Team. Academia uses Blancco overwriting software, which is certified by the National Cyber Security Centre. All devices that contain mechanical drives are overwritten to HMG Infosec 5 Enhanced standard. No official overwriting standards exist for SSD drives. For Apple devices that contain SSDs, we use Blancco to perform a firmware-based erasure, “Blancco SSD erasure”. For devices where Apple does not release the firmware information for the drives, the drives are wiped multiple times using aperiodic random overwriting techniques within Blancco drive erasure.
Where equipment is to be reused, disks must be removed and wiped or destroyed as indicated below. Where disks are replaced, these need to be wiped or destroyed, not simply returned to the manufacturer for re-issue.
Data destruction reports are provided to the Estates and Information Security teams.
We will employ the following data destruction/cleansing methods, by media type:
Hard Disk Drives (HDD)
Data storage mechanism:
- Non-volatile magnetic
Suggested removal methods:
- Multi Pass Pattern wiping
- Disintegration
Solid State Disk Drives (SSD)
Data storage mechanism:
- Non-volatile solid state memory
Suggested removal methods:
- Multi Pass Pattern wiping
- Disintegration
CD / DVD
Data storage mechanism:
- Optical
Suggested removal methods:
- Abrasion
- Disintegration
Magnetic Tape
Data storage mechanism:
- Non-volatile magnetic
Suggested removal methods:
- Degaussing
- Disintegration
Flash Disk Drives and USB
Data storage mechanism:
- Non-volatile solid state memory
Suggested removal methods:
- Multi Pass Pattern wiping
- Degaussing
- Disintegration
Paper
Data storage mechanism:
- Printed
Suggested removal methods:
- Micro Cross Cut Shredding
- Incineration
Phones
Data storage mechanism:
- Non-volatile solid state memory
Suggested removal methods:
- Wiped using ActiveSync
- Disintegration
Compliance
Failure to comply with this procedure could result in action in line with the university’s disciplinary procedure or performance improvement procedure.
Compliance checks will be undertaken by the university’s information governance functions. The results of compliance checks, their risk assessment and their remediation will be managed by the Information Governance Board.
Related documents
This control procedure needs to be understood in the context of the other policies and procedures constituting the university’s Information Security Management System.
Browse Information Security policies and control procedures
Review
A review of this policy will be undertaken by the information security team annually or more frequently as required, and will be approved by the Information Governance Board.
Version: 3.3
Release date: 05/09/2023
Review date: 05/08/2024