Connor Group Information Security
Standard - Data Disposal
Dec 2023
v.1.2
Introduction
It has become common for malicious actors to seek and utilize discarded equipment or trash to access sensitive data. This can be done by finding confidential files on discarded hard drives, thumb drives, backup-tapes, discarded papers, or other items disposed of by the company. At times, this discarded data can be leveraged to gain access to current systems or data by using scavenged credentials, technical documents or paperwork to impersonate legitimate access or business processes.
This standard codifies expectations for proper disposal of equipment or data when it leaves Connor Group’s custody. This standard is one in a set of documents that together, form Connor Group's Information Security Management System (ISMS).
Purpose
When media leaves Connor Group’s control with sensitive data still on it, the data itself is a disclosure risk. In addition, it could also be used to gain access to other sensitive company data or personal information. As such, when information systems or other types of media that hold data are removed from production or disposed of, appropriate efforts shall be taken to ensure subsequent access does not reveal sensitive data residing on the device or media.
Scope
All staff and Third Parties responsible for the management of IT Systems or Identities must understand and follow the requirements herein.
Compliance with this standard is vital when systems or data media are returned to a vendor or sold as part of an end-of-life disposition program as these are most likely to be recirculated.
In the event of uncertainty regarding the applicability of this Standard, contact Information Security for clarification and/or guidance at [email protected].
Definitions
References for terminologies or acronyms used within Information Security Standards can be accessed within the Glossary of Definitions (https://helpdesk.connorgp.com/a/solutions/articles/11000112202)
Standard
Adherence to requirements in this standard is mandatory.
1. SECURE DISPOSAL OR REUSE OF STORAGE MEDIA
Ref |
Requirement |
1.1 |
When storage devices and media containing sensitive information is being decommissioned, it must be physically destroyed or securely overwritten so that the data can never be recovered using appropriate software.
|
1.2 |
Any systems or media likely to have processed or held Confidential data must be disposed of through a secure process approved of by Information Security. |
1.3 |
All equipment containing storage media such as hard disks will be checked to ensure that any sensitive information has been securely removed or overwritten prior to removal from inventory.
|
1.4 |
The requirements for secure disposal apply equally to systems or media sold or given to third parties or business partners.
|
2. DISPOSAL OF MEDIA
Ref |
Requirement |
2.1 |
When no longer required, storage media (including program listings and system documentation; drives, USB drives, magnetic tapes, disks or cassettes, hard drives in digital copiers; and optical storage media) must be disposed of securely by multiple overwriting meeting or exceeding US Department of Defense standards defined in NISPOM: degaussing, shredding and/or incineration according to the highest level of classified data contained.
|
2.2 |
Any third-party secure disposal specialists must be pre-approved by information Security and bound by contracts specifying the security arrangements, responsibilities and liabilities (e.g. Connor Group retains the right to audit their operations; contractor accepts full legal liability for secure disposal from the point of collection of materials from Connor Group).
|
2.3 |
In accordance with protection requirements documented in the information classification procedures, disposal of individual items containing Confidential data must be logged in order to maintain traceability and auditability.
|
2.4 |
Prior content of any media containing Connor Group information that is to be re-used must first be securely erased (e.g., overwriting with random data or degaussing). The same principle applies to re-allocation of fixed disk space to new applications or users.
|
3. MEDIA SANITATION DEFINITIONS
Ref |
Requirement |
3.1 |
Clearing - One method to sanitize media is to use software or hardware products to overwrite storage space on the media with non-sensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations. The security goal of the overwriting process is to replace written data with random data. Overwriting cannot be used for SSD or media that is damaged or un-writeable. Full disk encryption and securely deleting the encryption key is an acceptable process of clearing. SSDs may also be cleared by a verified voltage spike. |
3.2 |
Purging - Degaussing and executing the firmware Secure Erase command (for ATA drives only) are acceptable methods for purging. Degaussing is exposing the magnetic media to a strong magnetic field in order to disrupt the recorded magnetic domains. Degaussing can be an effective method for purging damaged or inoperative media, for purging media with exceptionally large storage capacities, or for quickly purging diskettes. |
3.3 |
Destroying - Disintegration, Pulverization, Melting, Metal Shredding, and Incineration. These methods are designed to completely destroy the media. They are typically carried out at an outsourced metal destruction or licensed incineration facility with the specific capabilities to perform these activities effectively, securely, and safely. |
3.4 |
Shredding - Paper shredders can be used to destroy flexible media such as diskettes once the media are physically removed from their outer containers. The shred size of the refuse should be small enough that there is reasonable assurance in proportion to the data confidentiality that the data cannot be reconstructed. |
4. MEDIA SANITIZATION IMPLEMENTATION
Ref |
Requirement |
4.1 |
The minimum media sanitization technique for all rewritable media is a Clear operation as defined in section 3.1 |
4.2 |
For non-rewritable electronic media, purge or destroy techniques as described in section 3.2-3.3 are to be used. |
4.3 |
Hardcopy documents shall be disposed of securely when no longer required by retention policy. Acceptable methods of disposal include: • Cross-cut shredding • Incineration • Pulping |
Compliance
Information Security team shall verify compliance to this policy through various methods, including but not limited to, walk-throughs, environment sampling, process review, monitoring, business tool reports, internal and external audits, and through feedback to the policy owner.
Any exceptions to this Standard require a formally approved exemption documenting justification and approval against compliance to this Standard. Exemption approvals are required prior to the System entering live operation.
The following are required to adhere to this Standard, except where a formal exception has been granted as above:
- All Connor Group Systems and employees, independent contractors, and subcontractors. Any individual found to have violated this Standard may be subject to disciplinary actions including termination and legal recourse.
- Any Third-Party System that is used to support Connor Group data and/or Services. Any Third Party that violates this Standard will be considered to have breached their contract with the Connor Group.
Revision History
Revisions require approval by the Director of Information Security and dissemination to applicable business units prior to release.
Version |
Detail |
Author |
Date |
1.1 |
Formatting revised with requirements enumerated for easier reference. |
Connor Group Information Security |
July 2022 |
1.2 |
Revised for clarity in annual review |
Connor Group Information Security |
Dec 2023 |