CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd"

Transcription

1 CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd DESTRUCTION OF DATA ON HARD DRIVES, COMPUTER STORAGE MEDIA AND HANDHELD DEVICES INCORPORATING WEEE RECYCLING MANAGEMENT Version 1 VENDOR DETAILS Data Eliminate Ltd 107 Fleet Street, London EC4A 2AB TEST LABORATORY DETAILS SiVenture Unit 6, Cordwallis Park Clivemont Road Maidenhead Berks SL6 7BU Telephone Number: Telephone Number: Website: Website: CCTM Application Reference Number V032/0003 CCTM Maintenance Application only ICD Reference Number NA ONY2-CD-0002 ICD Version Number 1.3 ICD Date 15 April 2011 ICD Author Julian Fraser CONTACT POINT FOR TECHNICAL QUERIES ON THE ICD: Contact Name: Julian Fraser Contact Address:

2 Telephone Number: CERTIFICATE DETAILS The table will be on the front cover of the Final ICD when this is published on the CCTM Website CCTM Certificate Number 2011/04/0096 CCTM Awarded on 05 May 2011 CCTM Award Expires on 04 May 2012 ICD Issue Date 05 May 2011

3 TABLE OF CONTENTS 1 INTRODUCTION Background Objectives Purpose of Document Structure IS SERVICE DESCRIPTION Service Identification Service Overview Usage assumptions CCTM CLAIMS FOR THE IS PRODUCT OR SERVICE Claims Statements Existing assurance certificates Test Approach... Error! Bookmark not defined. 15 April 2011 Version 1-3 Page 3 of 11

4 1 INTRODUCTION 1.1 Background This document outlines the IA claims made by Data Eliminate Limited in regard to the suitability of Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management for use by the UK Public Sector and other users for ensuring data has been securely destroyed on end of life computer and data storage equipment. Data Eliminate helps customers to meet those challenges. The service incorporates a selection of destruction methods including magnetic media degaussing, physical destruction by shredding and secure data overwriting. 1.2 Objectives The objectives of this document are to enable testing and verification under the CCT Mark scheme. 1.3 Purpose of Document This document is the ICD for Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management This ICD is the baseline document for the CCTM Claims Test of Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management. 1.4 Structure The structure of this ICD is as follows: Section 1 (this section) contains the introductory material. Section 2 contains the description of functionality of Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management and all the information related to the security of Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management. Section 3 details the security functionality claims that are being made. 15 April 2011 Version 1-3 Page 4 of 11

5 2 IS SERVICE DESCRIPTION 2.1 Service Identification Product or Service Name: Secure Destruction of Data on Harddrives, Computer Storage Media and Handheld Devices Incorporating WEEE Recycling Management Version: 1 Period of Assessment: January 2011 December Service Overview Clients may select from a list of service options including: Degaussing of hard disk drives and magnetic media such as data tape using products that are certified by CESG under IS(5) at the lower level and are considered capable of purging data up to and including IL3 (Restricted). Physical destruction by shredding of all media. This includes media such as hard disks, data tapes, CDs and DVDs, and handheld devices such as PDAs and mobile phones. Data Overwriting using software certified by CESG under Infosec Standard 5 at the higher level (customers should refer to the latest version of IS5 for details of how higher level overwriting products may be used to destroy data at IL3 and above). Blancco or Kroll overwriting products are used. It should be noted that under the CCTM scheme, data at IL4 and above is considered out of scope and that sanitisation of data is only valid for data up to and including IL3. On-site or off-site destruction. The client can choose to have on-site destruction at their own location or have classified material securely transported to Data Eliminate s secure destruction facility. Data Eliminate provides secure transport of media and of residue/waste after destruction as necessary. The recording of the details of processed data storage items for audit and asset tracking purposes. Details recorded can include but are not limited to serial number, make, model and asset number. A WEEE compliant disposal service of data storage media and other computer and electronic equipment. The process followed is below: 15 April 2011 Version 1-3 Page 5 of 11

6 1. Clients will contact Data Eliminate to procure The Service. The client s requirements and best practice as per IS5 will determine the appropriate service option(s). 2. Where degaussing is required by the client, Data Eliminate will deploy an engineer to the customer s premises with degaussing equipment. The degausser is certified as compliant with the lower degaussing standard and therefore is deemed to be capable of purging data classified up to and including IL3 (restricted). 3. Where physical destruction is required by the client, Data Eliminate will deploy equipment that is capable of destroying data protectively marked up to IL2 (protect). If data at IL3 is to be destroyed, it is necessary to combine physical destruction with the overwriting and/or degaussing service options. 4. Where WEEE recycling is required by the client, Data Eliminate engineer(s) will remove waste and residue from the destruction location. Such waste will be handled and disposed of in line with WEEE Directive. After disposal, a Waste Transfer Note or Hazardous Waste Consignment Note will be issued to the client. 5. At the time of service provision or shortly afterwards, Data Eliminate will provide the client with a certificate of data destruction. This certificate will record job execution date, the name of the senior engineer present, the name of the client s witness and details of items processed including serial number, make, model and asset number as required by the client. The certificate provides an audit record and proof of compliance as may be required by the client Security architecture Not applicable Hardware requirements The service uses a mobile degausser. The type used is made by Verity Systems Ltd and the model is SV91 M Software requirements Not applicable Out of Scope The Service is intended to destroy data up to and including IL3 (restricted). Data with a higher impact level is not covered under the CCTM scheme. If shredding of media is selected without prior 15 April 2011 Version 1-3 Page 6 of 11

7 degaussing or overwriting, then the service is only capable of destroying data up to IL2. Data marked as IL3 must be destroyed by degaussing or overwriting to render the media unclassified. 2.3 Usage assumptions Assets Hard disk drives (desktop, laptop, server, and solid state based drives) Disks (CD, DVD, Floppy, and zip disks), tapes (DAT, DLT, LTO, Audio, and Video Portable storage devices (memory sticks, memory pens, memory cards, and flash based devices) mobile telephony devices (PDA and Smartphone) Threat scenario Threats to assets which are countered are the theft, accidental loss or unauthorised disclosure of personal or operational data Expected operational environment The service can be provided at a location of the client s choosing or at Data Eliminate s secure destruction facility Organisational security policies The service helps the customer to comply with: HMG Security Policy Framework V1.0 (SPF70) December 2008 Mandatory Requirement 45 Code of Connection for the GSI Soctim Data Handling Guidelines, Nov 2008 Security policies related to ISO controls Data protection and privacy of personal information. The United States Sarbanes Oxley Act. In addition, users will be able to comply with NHS SyOp 7.13, the Data Protection Act and generally provide protection against identity and data theft Security requirements on the environment It is the customer s responsibility to provide a secure environment in which the on-site Service can be performed. This should be done in line with their own security policies and procedures. The Service can then be carried out within the secure environment provided by the customer. 15 April 2011 Version 1-3 Page 7 of 11

8 3 CCTM CLAIMS FOR THE IS PRODUCT OR SERVICE 3.1 Claims Statements Unique Ref Claims statements 1 Data Eliminate Ltd operates an Integrated Management System (IMS) covering Operations within the company s offices, on site and off site secure data destruction services, and the management of recycling of IT equipment. The IMS is independently audited by UKAS certified inspectors, NQA, and incorporates the following international standards: ISO 27001:2005 Information Security Management System ISO 14001:2004 Environmental Management System ISO 9001:2008 Quality Management System 2 Data Eliminate manages the recycling and disposal of WEEE in line with the WEEE Directive and is registered with the Environment Agency as a Licensed Waste Carrier and Broker under Certificate Number CB/XN5315VV. Waste Transfer Notes are provided as appropriate. 3 Data Eliminate provides an Overwriting Service for computer hard drives. The service erases data with a protective marking of RESTRICTED or below using software approved for this purpose by CESG. 4 Data Eliminates provides a Degaussing Service for hard drives and magnetic storage media using equipment approved for this purpose by CESG. The service erases data with a protective marking of RESTRICTED or below in compliance with the CESG Lower Level Degaussing Standard. 5 Data Eliminate provides a vehicle-based mobile Shredding Service which is delivered at the customer s premises (or otherwise as specified by the customer). The vehicle is self-powered and self-contained. 6 The Shredding Service shreds and physically destroys hard disk drives, disks, tapes, portable storage devices and mobile telephony devices to ensure that each item is inoperable and destroyed using commercial best practice. The Shredding Service must be used in conjunction with degaussing and/or overwriting to reduce data protectively marked as IL3 to unclassified. 7 Data Eliminate staff count and record the data storage items identified for processing before destruction begins. The client can witness the entire process including counting, recording and destruction. 8 The data destruction services are available at a location specified by the customer (on-site) or at Data Eliminate s own secure facility (off-site). 9 The customer is provided with a certificate of data destruction at the time of destruction or shortly afterwards. This provides details of the media destroyed including media type and serial number (where available), date destroyed, by whom it is destroyed and by whom the destruction process is witnessed. 15 April 2011 Version 1-3 Page 8 of 11

9 Unique Ref Claims statements 10 Data Eliminate will provide secure transport of all media and equipment between sites as required. This transport is approved for carrying material up to and including IL3. 11 Data Eliminate will use staff who are at a minimum BPSS cleared, and deemed capable of handling IL3 material. Staff are fully trained in the use of the equipment. 3.2 Existing assurance certificates The Verity SV9IM degaussing unit used in this service for data destruction complies with the CESG Lower Level Degaussing standard [CESG]. This was originally approved against the SEAP 8500 degaussing standard. Under S(E)N 06/09, degaussers which have been certified as meeting SEAP 8500 will automatically be considered to meet the CESG lower level degaussing standard. See the CESG website for further information: ( displaypage=152&id=287 ) Blancco 4.8 HMG is approved at both Lower and Higher Overwriting Standards (refer to HMG Infosec Standard 5). Blancco 4.8 HMG is approved for UK Government use. isplaypage=152&id=442 Kroll Ontrack Eraser Version 3.0 is approved at the Lower Level and the Higher Level Overwriting Standards (refer to HMG Infosec Standard 5). isplaypage=152&id= April 2011 Version 1-3 Page 9 of 11

10 ANNEX A GLOSSARY OF TERMS Term CCT Mark CD CESG DVD EU HDD HMG IA IL IS IT lcd LTO NHS PDA SDLT SEAP UK WEEE Meaning CESG Claims Tested Mark Compact Disk Communications-Electronics Security Group Digital Versatile Disk European Union Hard Disk Drive Her Majesty s Government Information Assurance Impact Level InfoSec Standard Information Technology Information Assurance Claims Document Linear tape open (magnetic tape media) National Health Service Personal Digital Assistant Super Digital Linear Tape Security Equipment Assessment Panel United Kingdom EU directive on Waste Electrical and Electronic Equipment 15 April 2011 Version 1-3 Page 10 of 11

11 ANNEX B MARKETING STATEMENT TO BE USED (IF THE CLAIM IS SUCCESSFUL) The service provides a secure and convenient way for public sector organisations to destroy data held on hard drives and storage media and meet their obligations under: The Security Policy Framework Mandatory Requirement 45 Secure Disposal for IT Equipment, The Code of Connection (CoCo for Local Authorities), UK and EU Data Protection Legislation including the Data Protection Act. Service features and options include: On-site and off-site service provision Shredding, degaussing of magnetic media or secure overwriting Environmental recycling of media and IT equipment Serial numbered asset-tracking Destruction Certificates and Waste Transfer Notes Data Eliminate Ltd operates an Integrated Management System (IMS) independently audited by UKAS certified inspectors incorporating: ISO 27001:2005 Information Security Management System ISO 14001:2004 Environmental Management System ISO 9001:2008 Quality Management System For this CCT Mark Service no security claims are made for media marked at IL4 or above. **End of Document** 15 April 2011 Version 1-3 Page 11 of 11

Secure Mobile Shredding and. Solutions

Secure Mobile Shredding and. Solutions Secure Mobile Shredding and Data Erasure Solutions SECURE MOBILE SHREDDING & DATA ERASURE SERVICES... NCE s mobile shredding and data erasure service permanently destroys your data in a secure and controlled

More information

Safe, Secure and Certified Data Destruction Solutions to meet your individual needs

Safe, Secure and Certified Data Destruction Solutions to meet your individual needs Safe, Secure and Certified Data Destruction Solutions to meet your individual needs Whether you require data destruction supplementary or exclusively to our IT disposal solution, our fully security screened

More information

OUR SERVICES... SUPPLY CHAIN SERVICES ONSITE SERVICES IT RECYCLING SERVICES

OUR SERVICES... SUPPLY CHAIN SERVICES ONSITE SERVICES IT RECYCLING SERVICES SERVICES OVERVIEW OUR SERVICES... ONSITE SERVICES Onsite Shredding Services Onsite Data Erasure Services Onsite Document Destruction Services Onsite Hard Drive Destruction Services Data Centre Decommissioning

More information

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Page 1 of 8 Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy EXECUTIVE SUMMARY Key Messages

More information

Fujitsu Asset Lifecycle Management Services

Fujitsu Asset Lifecycle Management Services Fujitsu Asset Lifecycle Management Services Reshaping ICT, Reshaping Business Contents 1.1 Introduction 3 1.2 Our approach 4 1.2.1 Fujitsu differentiators 5 1.3 Capability 6 1.3.1 Compliance 6 1.3.2 Tools

More information

CD ROM, Inc. 2014 Commercial Catalog. Destruction and Recycling Services

CD ROM, Inc. 2014 Commercial Catalog. Destruction and Recycling Services Destruction and Recycling Services An ISO 9002-compliant company Audited 100% data destruction and green recycling 2014 Commercial Catalog Edition 2014 www.cdrominc.com CD Rom, Inc. Table of Contents About

More information

Destruction and Disposal of Sensitive Data

Destruction and Disposal of Sensitive Data Destruction and Disposal of Sensitive Data Good Practice Guidelines Version: 3.0 Date: March 2015 1 Copyright 2015, Health and Social Care Information Centre. Contents 1. Introduction 3 1.2 Aims and Objectives

More information

INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY

INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY Version: 1.4 Ratified by: Date Ratified: 14 October 2014 Name of Originator/Author: Name of Responsible Committee/Individual: Date issued:

More information

Disposal & Destruction of Sensitive Data

Disposal & Destruction of Sensitive Data Disposal & Destruction of Sensitive Data Contents 1 Overview of Data Media Types 1.1 Non-Volatile Magnetic: Hard Disk Drives 1.2 Write Once Optical: CDROM and DVD- 1.3 Write Many Optical: CD-RW and DVD-RW

More information

Bedford County Tennessee

Bedford County Tennessee Bedford County Tennessee Digital Media and Hardware Disposal Policy Date: 08.31.11 Approved By: Chris White Policy Number: 1 P age 1.0 INTRODUCTION 3 1.1 Authority. 3 1.2 Purpose.. 3 1.3 Scope 3 1.4 Background.

More information

UNCLASSIFIED CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION. Version 1.0. Crown Copyright 2012 All Rights Reserved.

UNCLASSIFIED CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION. Version 1.0. Crown Copyright 2012 All Rights Reserved. CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION Version 1.0 Crown Copyright 2012 All Rights Reserved Page 1 Document History Version Date Description 0.1 June 2012 Initial Draft Version 1.0 July

More information

University of Liverpool

University of Liverpool University of Liverpool IT Asset Disposal Policy Reference Number Title CSD 015 IT Asset Disposal Policy Version Number v1.2 Document Status Document Classification Active Open Effective Date 22 May 2014

More information

CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE

CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE 12040940 CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE Version 0.3 Crown Copyright 2012 All Rights Reserved CPA Security Characteristics for Data Sanitisation - Flash Based Storage

More information

NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12. Issue Date: 15 December 2014 Revised:

NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12. Issue Date: 15 December 2014 Revised: NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12 Issue Date: 15 December 2014 Revised: NSA/CSS STORAGE DEVICE SANITIZATION MANUAL PURPOSE AND SCOPE This manual provides guidance

More information

Harbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008

Harbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008 Document version: 2.8 Issued to: Harbinger Escrow Services Issued by: Harbinger Group Pty Limited Delivered on: 18 March 2008 Harbinger Group Pty Limited, Commercial in Confidence Table of Contents 1 Introduction...

More information

Information Technology Services Guidelines

Information Technology Services Guidelines Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization

More information

Other terms are defined in the Providence Privacy and Security Glossary

Other terms are defined in the Providence Privacy and Security Glossary Subject: Device and Media Controls Department: Enterprise Security Executive Sponsor: EVP/COO Approved by: Rod Hochman, MD - President/CEO Policy Number: New Date: Revised 10/11/2013 Reviewed Policy Owner:

More information

IT Trading UK Ltd Computer & IT Equipment Disposal Specialists

IT Trading UK Ltd Computer & IT Equipment Disposal Specialists IT Trading UK Ltd Computer & IT Equipment Disposal Specialists Unit 4A Scott's Close, Downton Business Centre, Downton, Salisbury, Wiltshire, SP5 3RA Tel: 01725 513403 Fax: 01725 513714 Email: info@it-trading.co.uk

More information

October 2015 Issue No: 1.2. Security Procedures Cryptify Call

October 2015 Issue No: 1.2. Security Procedures Cryptify Call October 2015 Issue No: 1.2 Security Procedures Cryptify Call Security Procedures Cryptify Call Issue No: 1.2 October 2015 The copyright of this document is reserved and vested in the Crown. Document History

More information

Audio & Video Sanitisation & Destruction Policy

Audio & Video Sanitisation & Destruction Policy Audio & Video Sanitisation & Destruction Policy The purpose of this document is to define the standards for destruction and sanitisation of security-classified media. The cope of this standard is all media,

More information

IT ASSET DISPOSAL ISO 27001. ISO 14001 Registered Environmental Management. ISO 9001 Registered Quality Management

IT ASSET DISPOSAL ISO 27001. ISO 14001 Registered Environmental Management. ISO 9001 Registered Quality Management ISO 27001 IT ASSET DISPOSAL ISO 14001 Registered Environmental Management Registered Information Security Management ISO 9001 Registered Quality Management CONTENTS PAGE 04 WHO ARE STONE? PAGE 05 IT ASSET

More information

No More Disks. No More Data. No More Doubt. Goodbye Disks. Goodbye Doubt.

No More Disks. No More Data. No More Doubt. Goodbye Disks. Goodbye Doubt. No More Disks. No More Data. No More Doubt. Goodbye Disks. Goodbye Doubt. Data disposal can be a tricky path to navigate. You re looking for an answer, but there aren t many that are 100% reliable, can

More information

Asset Management Ireland (AMI) The secure IT Asset Disposal Company that generates revenue for your business

Asset Management Ireland (AMI) The secure IT Asset Disposal Company that generates revenue for your business Asset Management Ireland (AMI) The secure IT Asset Disposal Company that generates revenue for your business Allow AMI to unlock the value in your redundant IT equipment by extending the lifecycle of your

More information

SOAS Controlled Procedure CP-PP06 IT Asset Management Procedure

SOAS Controlled Procedure CP-PP06 IT Asset Management Procedure SOAS Controlled Procedure CP-PP06 IT Asset Management Procedure Page 1 of 6 Martin Whiteside Version 1.1 March 2015 CP-PP06 IT Asset Management Procedure 1 Document Overview This document provides the

More information

Protecting Data in Decommissioned IT Assets: Factors, Tools and Methods

Protecting Data in Decommissioned IT Assets: Factors, Tools and Methods SECURIS SM Protecting Data in Decommissioned IT Assets: Factors, Tools and Methods Information Systems Security Association (ISSA) Baltimore Chapter Monthly Meeting January 27, 2016 Hugh McLaurin, CSDS

More information

Form #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services

Form #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services Data Destruction and Sanitation Program Mobile (ON-SITE) Data Destruction/Shredding Services 1 Diversified Recycling utilizes state of the art equipment for their data destruction and eradication services.

More information

Policy for the Re-use and Disposal of Computers, other IT Equipment and Data Storage Media

Policy for the Re-use and Disposal of Computers, other IT Equipment and Data Storage Media Policy for the Re-use and Disposal of Computers, other IT Equipment and Data Storage Media The University has legal obligations to ensure that all computers, IT equipment, and data storage media (e.g.

More information

Title: Electronic Media Destruction Policy Effective Date: 28 April 2015. Electronic Media Disposal Policy Policy Number 091

Title: Electronic Media Destruction Policy Effective Date: 28 April 2015. Electronic Media Disposal Policy Policy Number 091 Document Control Title Electronic Media Disposal Number 091 Owner Information & Communication Technology Manager Contributors Information & Communication Technology Team Version 1.0 Date of Production

More information

NHS Information Governance:

NHS Information Governance: NHS Information Governance: Information Risk Management Guidance: Maintenance and Secure Disposal of Digital Printers, Copiers and Multi Function Devices Department of Health Informatics Directorate July

More information

IT Operations Disposal of Media

IT Operations Disposal of Media 1. Approval and Authorisation Completion of the following signature blocks signifies the review and approval of this Process (signed copy held in safe) Name Job Title Signature Date Authored by:-

More information

Information Security Policy

Information Security Policy Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments

More information

CITY UNIVERSITY OF HONG KONG. Information Classification and

CITY UNIVERSITY OF HONG KONG. Information Classification and CITY UNIVERSITY OF HONG KONG Handling Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification

More information

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT SANITISATION

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT SANITISATION CESG ASSURED SERVICE CAS SERVICE REQUIREMENT SANITISATION Version 2.0 Crown Copyright 2014 All Rights Reserved Page 1 Document History Version Date Description 0.1 June 2012 Initial Draft Version (CAS

More information

UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05

UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05 UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05 I. POLICY STATEMENT Increasing amounts of electronic data are being transmitted and stored on computer systems and electronic media by virtually

More information

Samsung WEEE Management Policy (US and Canada)

Samsung WEEE Management Policy (US and Canada) Samsung WEEE Management Policy (US and Canada) 1. Purpose These requirements aim to minimize environmental impacts caused by all Electronic Waste generated by Samsung's US and Canadian operations and programs,

More information

Challenges and Solutions for Effective SSD Data Erasure

Challenges and Solutions for Effective SSD Data Erasure Challenges and Solutions for Effective SSD Data Erasure Blancco White Paper Published 8 October 2013 First Edition Table of contents Introduction...3 The Simplicity And Complexity Of SSDs...4 Traditional

More information

SECURITY POLICY REMOTE WORKING

SECURITY POLICY REMOTE WORKING ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices

More information

SRO Guideline SANITIZING DIGITAL MEDIA AND DEVICES

SRO Guideline SANITIZING DIGITAL MEDIA AND DEVICES Department of Culture and the Arts Government of Western Australia State Records Office of Western Australia SRO Guideline SANITIZING DIGITAL MEDIA AND DEVICES An Information Management Guideline for State

More information

Walton Centre. Asset Management. Information Security Management System: SS 03: Asset Management Page 1. Version: 1.

Walton Centre. Asset Management. Information Security Management System: SS 03: Asset Management Page 1. Version: 1. Page 1 Walton Centre Asset Management Document History Date Version Author Changes 01/10/2004 1.0 A Cobain L Wyatt 06/01/2004 1.1 L Wyatt Addition of storage media 16/03/2005 1.2 Liam Wyatt Update storage

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0 SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

Grasmere Primary School Asset Management Policy

Grasmere Primary School Asset Management Policy Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the

More information

Policy on Secure Disposal of IT Equipment and Information. 1. Information Security Working Group 2. CIO

Policy on Secure Disposal of IT Equipment and Information. 1. Information Security Working Group 2. CIO Policy on Secure Disposal of IT Equipment and Information v1.0 Organisation Title Creator Approvals Required Oxford Brookes University Policy on Secure Disposal of IT Equipment and Information Information

More information

Portable Devices and Removable Media Acceptable Use Policy v1.0

Portable Devices and Removable Media Acceptable Use Policy v1.0 Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working

More information

BACKUP SECURITY GUIDELINE

BACKUP SECURITY GUIDELINE Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect

More information

SCANNING STORAGE SHREDDING WORKFLOW IT RECYCLING. www.phsdatasolutions.co.uk. www.phsdatasolutions.co.uk

SCANNING STORAGE SHREDDING WORKFLOW IT RECYCLING. www.phsdatasolutions.co.uk. www.phsdatasolutions.co.uk SCANNING STORAGE SHREDDING WORKFLOW IT RECYCLING DATA SCANNING Data is the lifeblood of many businesses and organisations, access to which is imperative to its productivity and its success. Organising

More information

STANDARD 3-8 WORKING DAYS

STANDARD 3-8 WORKING DAYS TecLeo DATARECOVERYLAB HELPING Y OU LO O K AFTER YO U R DATA V.A.T. REG. NO. 4410173209 20 Uitzicht Office Park, 5 Bellingham Street, Centurion, 0157 Price List DATA RECOVERY Deloud (Pty) Ltd Data Recovery

More information

INITIAL APPROVAL DATE INITIAL EFFECTIVE DATE

INITIAL APPROVAL DATE INITIAL EFFECTIVE DATE TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology

More information

Life Cycle of Records

Life Cycle of Records Discard Create Inactive Life Cycle of Records Current Retain Use Semi-current Records Management Policy April 2014 Document title Records Management Policy April 2014 Document author and department Responsible

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

document destruction Our passion.

document destruction Our passion. document destruction Your office. Our passion. safeguard Our secure destruction service meets all the necessary compliances and helps to support ISO 9001, ISO 14001 and CSR objectives as well as improving

More information

Information Security Plan effective March 1, 2010

Information Security Plan effective March 1, 2010 Information Security Plan effective March 1, 2010 Section Coverage pages I. Objective 1 II. Purpose 1 III. Action Plans 1 IV. Action Steps 1-5 Internal threats 3 External threats 3-4 Addenda A. Document

More information

About this Tool Information Security for Residents...

About this Tool Information Security for Residents... About this Tool Information Security for Residents... Purpose: Provide materials to inform and educate Residents in order to reach compliance regarding information security. Audience: New Residents Information

More information

Guidelines on Digital Forensic Procedures for OLAF Staff

Guidelines on Digital Forensic Procedures for OLAF Staff Ref. Ares(2013)3769761-19/12/2013 Guidelines on Digital Forensic Procedures for OLAF Staff 1 January 2014 Introduction The OLAF Guidelines on Digital Forensic Procedures are internal rules which are to

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER

MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER EXECUTIVE SUMMARY The combination of an increasingly mobile workforce and rapid technology innovation means organisations must work harder

More information

Electronic Data Retention and Preservation Policy 1

Electronic Data Retention and Preservation Policy 1 1 Purpose and Scope The purpose of this policy is to: Identify the types of College-related electronic information, including the location of the information; Identify what departments or individuals are

More information

DATA ENCRYPTION POLICY

DATA ENCRYPTION POLICY DATA ENCRYPTION POLICY Contents 1. Introduction...4 2. Purpose...4 3. Audience...4 4. Responsibilities/Duties...4 4.1 Individual Staff Responsibilities...4 4.2 Accountable Officer...5 4.3 Director of Strategy

More information

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central. POLICIES Campus Data Security Policy Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central Policy Statement Policy In the course of its operations, Minot State University

More information

ECONOMY 10-15 WORKING DAYS STANDARD 3-8 WORKING DAYS

ECONOMY 10-15 WORKING DAYS STANDARD 3-8 WORKING DAYS TecLeo DATARECOVERYLAB H ELPING Y OU LO O K AFTER YO U R DATA V.A.T. REG. NO. 4410173209 20 Uitzicht Office Park, 5 Bellingham Street, Centurion, 0157 DATA RECOVERY Data Recovery & Data Destruction Price

More information

A guide to our recycling And waste management services

A guide to our recycling And waste management services A guide to our recycling And waste management services SITA UK provides recycling and waste management services for more than 40,000 organisations across the UK These organisations choose SITA UK because

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer:

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer: Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011

More information

HIPAA Training for Hospice Staff and Volunteers

HIPAA Training for Hospice Staff and Volunteers HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you

More information

The guidance applies to all records, regardless of the medium in which they are held, including e-mail, spreadsheets, databases and paper files.

The guidance applies to all records, regardless of the medium in which they are held, including e-mail, spreadsheets, databases and paper files. Best Practice in Disposing of Records For whom is this guidance intended? This guidance is intended for all University staff that need to dispose of records, on an occasional or regular basis. It is likely

More information

Technical Reference Document Summary of NIST Special Publication 800-88: Guidelines for Media Sanitization

Technical Reference Document Summary of NIST Special Publication 800-88: Guidelines for Media Sanitization TECHNICAL REFERENCE DOCUMENT Technical Reference Document Summary of NIST Special Publication 800-88: Guidelines for Media Sanitization Recommendations Key Points: of the National Real world compliance

More information

This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008.

This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008. Designing a Co m p l i a n t Re c o r d Retention Policy for Your Business This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008. by Jenna

More information

Information retention and disposal guide. Date: 31 October 2014 Version: 2.0

Information retention and disposal guide. Date: 31 October 2014 Version: 2.0 Information retention and disposal guide Date: 31 October 2014 Version: 2.0 Contents 01. Guidelines The data challenge 5 Compliance what is it and why is it important? 6 The compliant data journey 7 Case

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

Shredding. Security. Recycling

Shredding. Security. Recycling Shredding Security Recycling WHO WE ARE PHS Datashred has the knowledge, capability and experience to ensure the safe and secure disposal of your confidential material. Trusted by over a third of FTSE

More information

State of Vermont. Digital Media and Hardware Disposal Standard. Date: Approved by: Policy Number:

State of Vermont. Digital Media and Hardware Disposal Standard. Date: Approved by: Policy Number: State of Vermont Digital Media and Hardware Disposal Standard Date: Approved by: Policy Number: 1.0 INTRODUCTION... 3 1.1 Authority... 3 1.2 Scope and Purpose:... 3 2.0 STANDARD... 3 2.1 Preface... 3 2.2

More information

Understanding Data Destruction and How to Properly Protect Your Business

Understanding Data Destruction and How to Properly Protect Your Business Understanding Data Destruction and How to Properly Protect Your Business Understanding Data Destruction and How to Properly Protect Your Business I. Abstract This document is designed to provide a practical

More information

That s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail.

That s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail. Why Zak Enterprises? Information contained on the hard drives of retired computers must be destroyed properly. Failure to do so can result in criminal penalties including fines and prison terms up to 20

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as

HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as required by HIPAA. 1. Definitions. a. Business Associate, as used in this Contract, means the

More information

IT Heath Check Scoping guidance ALPHA DRAFT

IT Heath Check Scoping guidance ALPHA DRAFT IT Heath Check Scoping guidance ALPHA DRAFT Version 0.1 November 2014 Document Information Project Name: ITHC Guidance Prepared By: Mark Brett CLAS Consultant Document Version No: 0.1 Title: ITHC Guidance

More information

Information Technology Policy and Procedures

Information Technology Policy and Procedures Information Technology Policy and Procedures Responsible Officer Author Ben Bennett, Business Planning & Resources Director Policy Development Group Date effective from April 2005 Date last amended February

More information

Guidance on Personal Data Erasure and Anonymisation 1

Guidance on Personal Data Erasure and Anonymisation 1 Guidance on Personal Data Erasure and Anonymisation Introduction Data users engaged in the collection, holding, processing or use of personal data must carefully consider how to erase such personal data

More information

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

Approved By: Agency Name Management

Approved By: Agency Name Management Policy Title: Effective Date: Revision Date: Approval(s): LASO: CSO: Agency Head: Media Protection Policy Every 2 years or as needed Purpose: The intent of the Media Protection Policy is to ensure the

More information

Information Technology Acceptable Usage Policy

Information Technology Acceptable Usage Policy Information Technology Acceptable Usage Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly

More information

43: DATA SECURITY POLICY

43: DATA SECURITY POLICY 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

28400 POLICY IT SECURITY MANAGEMENT

28400 POLICY IT SECURITY MANAGEMENT Version: 2.2 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. The objective of this policy is to provide direction and support for IT

More information

PS177 Remote Working Policy

PS177 Remote Working Policy PS177 Remote Working Policy January 2014 Version 2.0 Statement of Legislative Compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data Protection

More information

Industry Security Notice

Industry Security Notice Industry Security Notice Number 2010 / 01 Subject: Handling MOD Personal Data Introduction: 1. This Industry Security Notice reiterates policy and clarifies guidance on the Protective Marking, Impact Levels,

More information

الدكتور عادل إسماعيل العلوي الجامعة الملكية للبنات البحرين نائب رئيس الجمعية الدولية لضبط ومراقبة نظم المعلومات

الدكتور عادل إسماعيل العلوي الجامعة الملكية للبنات البحرين نائب رئيس الجمعية الدولية لضبط ومراقبة نظم المعلومات - البحرين الدكتور عادل إسماعيل العلوي الجامعة الملكية للبنات البحرين نائب رئيس الجمعية الدولية لضبط ومراقبة نظم المعلومات Agenda The problem Traditional Methods Case Study Recommendation The problem What

More information

Encryption Policy Version 3.0

Encryption Policy Version 3.0 Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

Scotland s Commissioner for Children and Young People Records Management Policy

Scotland s Commissioner for Children and Young People Records Management Policy Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives

More information

Media Disposition and Sanitation Procedure

Media Disposition and Sanitation Procedure Media Disposition and Sanitation Procedure Revision History Version Date Editor Nature of Change 1.0 11/14/06 Kelly Matt Initial Release Table of Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope...

More information

Data Security Policy

Data Security Policy Policy Number: Revision Number: 0 QP1.44 Date of issue: March 2009 Status: Approved Date of approval: April 2009 Responsibility for policy: Responsibility for implementation: Responsibility for review:

More information

PCI Data Security and Classification Standards Summary

PCI Data Security and Classification Standards Summary PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers

More information

Mobile Phone Device Policy

Mobile Phone Device Policy Version 2.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

LSE PCI-DSS Cardholder Data Environments Information Security Policy

LSE PCI-DSS Cardholder Data Environments Information Security Policy LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services

SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services Contents 1 Introduction...2 2 IA, CLAS Consulting and CHECK Testing...3 3 Information Assurance...4 4 Accreditation...5

More information

CloudDesk - Security in the Cloud INFORMATION

CloudDesk - Security in the Cloud INFORMATION CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES

More information

Payment Card Industry (PCI) Policy Manual. Network and Computer Services

Payment Card Industry (PCI) Policy Manual. Network and Computer Services Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology

More information

GPG13 Protective Monitoring. Service Definition

GPG13 Protective Monitoring. Service Definition GPG13 Protective Monitoring Service Definition Issue Number V1.3 Document Date 27 November 2014 Author: D.M.Woodcock Classification UNCLASSIFIED Version G-Cloud 6 2014 Copyright Assuria Limited. All rights

More information

SECURITY POLICIES AND PROCEDURES

SECURITY POLICIES AND PROCEDURES 2014 WorldEscrow N.V./S.A. SECURITY POLICIES AND PROCEDURES This document describes internal security rules within the WorldEscrow N.V./S.A. organization. Content 1) Employee Responsibilities... 1 2) Use

More information