You are here

Media Sanitization

See the Media Sanitization Standard in the University's Information Security policy for specific requirements that you must follow.

Standard and Process

Sanitization refers to the general process of removing data, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed.   When devices (e.g., computer, cell phone, etc.) or storage media (e.g., CD, thumb drive, workstation/server hard drives, etc.) are transferred, become obsolete, or are no longer usable or needed, it is important to ensure that residual magnetic, optical, electrical, or other representation of data that is stored is not easily recoverable.

The department or individual directly responsible for the data or device is required to ensure that the data and licensed software is securely removed before transfer out of their control and that the sanitization process selected meets or exceeds the legal or regulatory requirements for the data stored. Examples of such transfers are: transfer to another department; public sale; donation; or scraping.

Factors that impact the media sanitization process include:

  • Classification of data/information stored (e.g., public, private-restricted or highly restricted)
  • License agreements for software installed
  • Type of transfer or disposal
  • Legal and regulatory requirements

Devices or media containing private-restricted or highly restricted information must be physically destroyed or the information must be destroyed, deleted or overwritten using tools or techniques to make the original information non-retrievable.  Overwriting should at least consist of a single pass with an industry standard and validated media sanitization tool supporting overwriting with all zeroes or all ones.

The procedures for secure disposal of media containing sensitive information should be commensurate with the sensitivity of that information and its related risk. (e.g., with increased risk associated with loss of the data, the media should be physically destroyed).  If the data classification is unknown, at a minimum you should consider the data classification as private-restricted.

For documentation/audit purposes, obtain a confirmation statement that all private-restricted or highly restricted data has been removed (See NIST 800-88, Appendix F for a sample form). Documentation should also be maintained when the media is disposed.  University units determine where the documentation is stored.

In the following diagram the sanitization methods CLEAR and DESTROY are NIST 800-88 terminology.  See NIST 800-88 for more detail.

  • CLEAR - Use software or hardware products to overwrite storage space on the media with non-sensitive data.  The security goal of the overwriting process is to replace written data with random data.
  • DESTROY - There are many different types, techniques, and procedures for media destruction.

 Media Sanitization Decision Flow Diagram

Campus technology support groups that perform media sanitization should provide the department or individual documentation (with identifying information like serial number and date) and a statement that the campus support group agrees to perform the media sanitization in conformance with University policy and assume responsibility for doing so. The University unit or individual is responsible for storing the documentation related to the media sanitization of the device.  The campus technology support group must keep media in a secure location until properly sanitized.

The University of Minnesota has a contract for recycling and disposal of electronic media.

For malfunctioning devices or media, work with your vendor to offer a "no return to vendor" option for malfunctioning media or a process to sanitize the media prior to leaving the University premises.

More Information

Document Owner: University Information Security

Document Approver: Brian Dahlin, University Information Security and Patton Fast, University Enterprise Architect

Effective Date: August 2010

Last Reviewed Date: November 2014