Media Sanitization

Standard and Process

See the specific requirements in the Media Sanitization Standard in the University Policy library. The following supplements the requirements in University policy.

Sanitization refers to the general process of removing data such that there is reasonable assurance that the data may not be easily retrieved and reconstructed. When devices (e.g., computers, cell phones) or storage media (e.g., CDs, thumb drives, workstation/server hard drives) are transferred, become obsolete, or are no longer usable or needed, it is important to ensure that no residual magnetic, optical, electrical, or other representation of the stored data is easily recoverable. Follow the industry-accepted methods for the media.

The department or individual directly responsible for the data or device is required to ensure that the data and licensed software are securely removed before transfer out of their control and that the sanitization process selected meets or exceeds the legal or regulatory requirements for the data stored. Examples of such transfers are transfer to another department, public sale, donation, or scrapping.

Factors that impact the media sanitization process include:

  • Classification of data/information stored (e.g., public, private-restricted, or private-highly restricted)
  • License agreements for software installed
  • Type of transfer or disposal
  • Legal and regulatory requirements

Devices or media containing private-restricted or private-highly restricted information must be physically destroyed, or the information must be destroyed, deleted, or overwritten using tools or techniques that make the original information non-retrievable. Overwriting should at least consist of a single pass with an industry-standard, validated media sanitization tool that supports overwriting with all zeroes or all ones. Follow the industry-accepted methods for the media.

The procedures for secure disposal of media containing sensitive information should be commensurate with the sensitivity of that information and its related risk (e.g., with increased risk associated with loss of the data, the media should be physically destroyed). If the data classification is unknown, at a minimum you should consider the data classification as private-restricted.

For documentation/audit purposes, obtain a confirmation statement that all private-restricted or private-highly restricted data has been removed (see NIST 800-88, Appendix F for a sample form). Documentation should also be maintained when the media is disposed of. University units determine where the documentation is stored.

In the following diagram, the sanitization methods CLEAR and DESTROY are NIST 800-88 terminology. See NIST 800-88 for more detail.

  • CLEAR - Use software or hardware products to overwrite storage space on the media with non-sensitive data. The security goal of the overwriting process is to replace written data with random data.
  • DESTROY - There are many different types, techniques, and procedures for media destruction.

 Media Sanitization Decision Flow Diagram

Campus technology support groups that perform media sanitization should provide the department or individual with documentation (with identifying information such as serial number and date) and a statement that the campus support group agrees to perform the media sanitization in conformance with University policy and assumes responsibility for doing so. The University unit or individual is responsible for storing the documentation related to the media sanitization of the device. The campus technology support group must keep media in a secure location until properly sanitized.

The University of Minnesota has a contract for recycling and disposal of electronic media.

For malfunctioning devices or media, work with your vendor to arrange a "no return to vendor" option for the malfunctioning media or a process to sanitize the media before it leaves University premises.

Paper Media

Paper media containing private-highly restricted or private-restricted data must follow secure disposal procedures to prevent data reconstruction.

Technical staff are responsible for working with users, data owners, and data custodians to manage media sanitization for electronic media.

Users, data owners, data custodians, and service owners are responsible for

  • working with technical staff when disposing of or transferring electronic media;
  • managing secure disposal of paper media.

See the Information Security policy appendices for additional information security standards that also apply.

More Information

Document Owner: University Information Security

Document Approver: Brian Dahlin, University Information Security; Bernard Gulachek, VP of Information Technology and Chief Information Officer

Effective Date: August 2010

Last Reviewed Date: May 2019