YALE-MSS-7.5: Sanitize systems before re-use

Standards Group:
YALE-MSS-7: Data Protection

Low Risk Endpoint Not Required Moderate Risk Endpoint Upcoming High Risk Endpoint Required Low Risk Server Not Required Moderate Risk Server Upcoming High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Upcoming High Risk Mobile Device Required Low Risk Network Printer Not Required Moderate Risk Network Printer Upcoming High Risk Network Printer Required

Details

Details and definitions

Complete removal of confidential information from electronic media/devices is required before the media is made available for reuse.

Before wiping and repurposing the device, make sure you can delete the data on the device. If the data you have on your device is not available anywhere else, the University may require you to keep it. Review the Yale Records Retention Schedule maintained by the Office of General Counsel. This outlines how long we must keep certain data records preserved.

When the use or retention period of any media containing confidential information is completed, the confidential information must be destroyed, rendered unrecoverable, or returned to the owner.

Reason for the standard

Before repurposing or recycling any IT System, you must delete the data. Only "erasing" or "deleting" files does not remove them from the storage on an IT System. A user can still extract the data in many ways, putting the data at risk of unauthorized access.

YALE-MSS-7.5: Sanitize systems before re-use

Standards Group:YALE-MSS-7: Data Protection

Details

Controls

Standards Group:
YALE-MSS-7: Data Protection