YALE-MSS-7.5: Sanitize systems before re-use

Standards Group:
YALE-MSS-7: Data Protection

YALE-MSS-7.5: Sanitize systems before re-use

Low Risk Endpoint Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Required Moderate Risk Mobile Device Required High Risk Mobile Device Required Low Risk Network Printer Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

Complete removal of confidential information from electronic media/devices is required before the media is made available for reuse. 

Before wiping and repurposing the device, make sure you can delete the data on the device. If the data you have on your device is not available anywhere else, the University may require you to keep it. Review the Yale Records Retention Schedule maintained by the Office of General Counsel. This outlines how long we must keep certain data records preserved.

When the use or retention period of any media containing confidential information is completed, the confidential information must be destroyed, rendered unrecoverable, or returned to the owner. 

Before repurposing or recycling any IT System, you must delete the data. Only "erasing" or "deleting" files does not remove them from the storage on an IT System. A user can still extract the data in many ways, putting the data at risk of unauthorized access.

Controls