Skip to main content

YALE-MSS-7.5: Sanitize systems before re-use

Standards Group:
YALE-MSS-7: Data Protection

YALE-MSS-7.5: Sanitize systems before re-use

Low Risk Endpoint Not Required Moderate Risk Endpoint Upcoming High Risk Endpoint Required Low Risk Server Not Required Moderate Risk Server Upcoming High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Upcoming High Risk Mobile Device Required Low Risk Network Printer Not Required Moderate Risk Network Printer Upcoming High Risk Network Printer Required


Complete removal of confidential information from electronic media/devices is required before the media is made available for reuse. 

Before wiping and repurposing the device, make sure you can delete the data on the device. If the data you have on your device is not available anywhere else, the University may require you to keep it. Review the Yale Records Retention Schedule maintained by the Office of General Counsel. This outlines how long we must keep certain data records preserved.

When the use or retention period of any media containing confidential information is completed, the confidential information must be destroyed, rendered unrecoverable, or returned to the owner. 

Before repurposing or recycling any IT System, you must delete the data. Only "erasing" or "deleting" files does not remove them from the storage on an IT System. A user can still extract the data in many ways, putting the data at risk of unauthorized access.