Standard and Process

See the specific requirements in the Media Sanitization Standard in the University Policy Library. The following supplements the requirements in University policy.

Sanitization refers to the general process of removing data, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed.   When devices (e.g., computer, cell phone, etc.) or storage media (e.g., CD, thumb drive, workstation/server hard drives, etc.) are transferred, become obsolete, or are no longer usable or needed, it is important to ensure that residual magnetic, optical, electrical, or other representation of data that is stored is not easily recoverable. Follow the industry-accepted methods for the media.  For mobile devices, contact your provider on how to securely wipe or dispose of your device.

The department or individual directly responsible for the data or device is required to ensure that the data and licensed software is securely removed before transfer out of their control and that the sanitization process selected meets or exceeds the legal or regulatory requirements for the data stored. Examples of such transfers are; transfer to another department; public sale; donation; or scraping.

The responsible user, data owner, data custodian, or service owner must: 

  • Work with Technical staff when disposing of or transferring electronic media;
  • Manage the secure disposal of paper media.

Factors that impact the media sanitization process include:

  • Classification of data/information stored (e.g., public, private-restricted, or private-highly restricted)
  • License agreements for software installed
  • Type of transfer or disposal
  • Legal and regulatory requirements

Devices or media containing private-restricted or private-highly restricted information must be physically destroyed or the information must be destroyed, deleted or overwritten using tools or techniques to make the original information non-retrievable.  Overwriting should at least consist of a single pass with an industry-standard and validated media sanitization tool supporting overwriting with all zeroes or all ones. Follow the industry-accepted methods for the media.

The procedures for secure disposal of media containing sensitive information should be commensurate with the sensitivity of that information and its related risk. (e.g., with increased risk associated with loss of the data, the media should be physically destroyed).  If the data classification is unknown, at a minimum you should consider the data classification as private-restricted.

If the unit does not securely wipe/clear the data, the unit must follow a device end-of-life process to track the movement and control of an asset throughout its lifecycle, similar to chain of custody practices. UIS expectations for this process are:

  • Detailed documentation of each person that handles the asset,
  • The date/time it was collected and/or transferred, and
  • The purpose of the transfer until it can be transferred to an approved NAID-certified disposal vendor that accepts the hard drive for physical destruction.

For documentation/audit purposes, obtain a confirmation statement that all private-restricted or private-highly restricted data has been removed (See NIST 800-88, Appendix F for a sample form). Documentation should also be maintained when the media is disposed of.  University units determine where the documentation is stored.

In the following diagram, the sanitization methods CLEAR and DESTROY are NIST 800-88 terminology.  See NIST 800-88 for more detail.

  • CLEAR - Use software or hardware products to overwrite storage space on the media with non-sensitive data.  The security goal of the overwriting process is to replace written data with random data.
  • DESTROY - There are many different types, techniques, and procedures for media destruction.
Media Sanitation Decision Flow Diagram

Campus technology support groups that perform media sanitization should provide the department or individual documentation (with identifying information like serial number and date) and a statement that the campus support group agrees to perform the media sanitization in conformance with University policy and assume responsibility for doing so. The University unit or individual is responsible for storing the documentation related to the media sanitization of the device.  The campus technology support group must keep media in a secure location until properly sanitized.

The University of Minnesota has a contract for recycling and disposal of electronic media.

For malfunctioning devices or media, work with your vendor to offer a "no return to vendor" option for malfunctioning media or a process to sanitize the media prior to leaving the University premises.

Paper Media

Paper media containing private-highly restricted or private-restricted data must follow secure disposal procedures, in accordance with the Destroying University Information and Records policy. Shredding must be performed for protected health information, social security numbers and credit card numbers. In addition, shredding is recommended for student records.

The pulping of paper via the confidential recycling process is not an acceptable form of disposal for certain data containing private-highly restricted data, specifically protected health information, student records, social security numbers and credit card numbers.

More Information

Document Management

Document Responsibility and History
Document Owner Document Approvers Effective Date Last Reviewed Date
University Information Security

Brian Dahlin,
Chief Information Security Officer

Bernard Gulachek,
VP of Information Technology and Chief Information Officer

August 2010 May 2019