Protecting Data in Decommissioned IT Assets: Factors, Tools and Methods

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Protecting Data in Decommissioned IT Assets: Factors, Tools and Methods"

Transcription

1 SECURIS SM Protecting Data in Decommissioned IT Assets: Factors, Tools and Methods Information Systems Security Association (ISSA) Baltimore Chapter Monthly Meeting January 27, 2016 Hugh McLaurin, CSDS

2 Agenda The need to protect data when IT systems are decommissioned Methods and techniques, tools Important factors to consider What do you do?

3 Two important aspects of managing IT/Electronics end-of-life disposition Protecting the Environment Hazardous materials Reclamation of reusable materials Protecting your Data Customer, company, personal information Preventing data breaches or identity theft PCs, laptops, servers, clients, phones, tablets, copiers

4 Last Line of Defense Companies/institutions go to extraordinary lengths to protect data during life of IT systems Cybersecurity explosion Don t forget to do the same when decommissioning! 4

5 Data Breach Risks Data breach stakes are higher than ever Average cost per breach event in the U.S. = $7.2 M 1 10% of data breaches are due to improper disposal

6 Data Breach Risks Data breach stakes are higher than ever Average cost per breach event in the U.S. = $7.2 M 1 10% of data breaches are due to improper disposal 2 But it s more than an issue of $$ Classified data (e.g., government) in wrong hands Regulated information (e.g., healthcare) Intellectual property and proprietary data Company reputation and trustworthiness Liabilities

7 Plan for Data Protection at End of Life Treat as an integral part of IT asset management and IT system operations A critical piece of the overall cybersecurity solution set It shouldn t be an afterthought Budget How vulnerable and risk averse is your work sector? Healthcare, Financial, Government (incl. contracting), Legal, Regulatory oversight and penalties Classification or sensitivity of data Customer requirements How determined might your adversary be? The tools and vendors you choose depend on these factors One size doesn t necessarily fit all 7

8 Tools for Protecting Data at IT Asset End of Life Degaussing (HDDs, magnetic storage media) Physical destruction (shredding) Solid state devices and Micro-shredding Destruction vs. Sanitization 8

9 Hard Disk Drive Degaussing Intense magnetic field erases data on magnetic media and renders HDDs useless Necessary for classified and extremely sensitive data Equipment listed on NSA Evaluated Products List (EPL) meets rigorous NSA standards Required for DOD/Class projects Typically, classified data requires two-stage process of degaussing followed by shredding Throughput important for larger data destruction jobs 9

10 Data Destruction Securely Shredded Data Storage Devices The brute-force process of physically shredding hard drives, cell phones, tapes and other data storage media and devices Appropriate for most data when coupled with secure chain of custody and state-of-the-art destruction equipment Throughput important for larger data destruction jobs

11 Legacy Data Storage Continues to Evolve HDD size and cost diminish as memory density increases Good news for shredder Impacts decisions on data destruction techniques 11

12 Evolution Includes Transition to Solid State Memory Destruction requires different techniques for non-magnetic storage media (e.g., Flash)

13 In Some Cases, Particle Size Matters Traditional HDD shredders usually aren t appropriate for SSD s or flash memory devices such as SD cards, thumb drives, etc. Typically, a shred dimension of 2 mm or smaller is required (per NSA) to break through the memory chips and securely obliterate the data 13

14 New Technology Requires New Techniques 14

15 Micro Shredding (Hammer Mill) Pulverize Class SSDs, Flash memory, phones/pdas, circuit boards, other solid state devices to meet <2mm particle size standards 15

16 Destroying vs. Sanitizing Memory Why Destroy? NSA does not prescribe software wiping for any type of data storage device Data can be retrieved from dead sectors that are not overwritten when wiped Potential for hidden data in internal memory Shredding better mitigates the risk of human error A wiped drive and a non-wiped drive look exactly the same Wiping takes a long time The higher storage density of the drive, the longer it takes to overwrite the data With higher volumes, you consume more time and processing power (and $) to wipe the drives Evolution of data storage devices Chances are that old hard drive isn t all that useful Shredding is more fun to watch

17 No Such Agencies Class/UnClass Data media_destruction_guidance/ nispom pdf _01_oct_11_2007_final_agreement.pdf Publications/NIST.SP r1.pdf

18 Certifications Requires recyclers to sanitize, purge or destroy all data in secure environment Rigorously audited by independent third party in more than 50 areas 18

19 Additional Factors to Consider Vendor Certifications (NAID AAA, R2 or e-stewards) Secure chain of custody (Processes/procedures, DLIS certification) On-site vs. off-site destruction services Closed-loop, end-end processes and partnerships Documentation Certificate of Data Destruction Asset Report Traceability from your custody to destruction/disposition 19

20 The IT Infrastructure Landscape Has Evolved

21 The Internet of Things Data Gone Wild Re-evaluate: Vulnerabilities Methods Tools 21

22 Contact Information Hugh McLaurin, CSDS Owner, Securis Central Maryland Office Cell

23 Securis Core Strengths Responsible E-waste Recycling & End of Life Disposition Onsite removal service for recycling of retired IT assets in compliance with our Zero-Export, Zero-Landfill Policy and R2 Certification Data Shredding Mobile industrial shredder or Micro Shredder destroy computer hard drives, solid state drives, cell phones, back-up tapes, DLT, LTO, and other data storage devices onsite with staff witness or off-site at our secure processing facility Data Degaussing Mobile State-of-the-art LM-4 degausser is specially designed to destroy large quantities of magnetically-stored electronic media onsite at your facility with a staff witness or off-site at our secure processing facility Chain of Custody Auditing & Reporting Final documentation includes auditable inventory list of all IT assets that were recycled or destroyed as well as a Certificate of E-waste Recycling and Destruction for your records

24 Securis Recycling Process From Start to Finish Onsite removal service of all IT assets Downstream processing of parts in compliance with Zero-Export, Zero- Landfill policy Secure, End-to-End Process Scanning for auditable inventory list Physical disassembly of units at Securis s secure facility All units checked for data

25 Securis Background Experience 10+ years of experience in IT asset disposal and data destruction Locations 8 East Coast locations - Maryland franchise locations opened in 2013 Certifications R2 (recycling) and NAID AAA (data destruction) Customers Government (Federal, State and Local) Government Contractors Financial Institutions Healthcare Educational Institutions Technology Sector, etc.

26 Securis Process for Classified Data Destruction Compliant with DSS and NSA requirements Step-by-step written description of the Securis process for the destruction of government classified hard drives Onsite at the government or contractor s facility Off-site at Securis facility 26

That s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail.

That s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail. Why Zak Enterprises? Information contained on the hard drives of retired computers must be destroyed properly. Failure to do so can result in criminal penalties including fines and prison terms up to 20

More information

CD ROM, Inc. 2014 Commercial Catalog. Destruction and Recycling Services

CD ROM, Inc. 2014 Commercial Catalog. Destruction and Recycling Services Destruction and Recycling Services An ISO 9002-compliant company Audited 100% data destruction and green recycling 2014 Commercial Catalog Edition 2014 www.cdrominc.com CD Rom, Inc. Table of Contents About

More information

CENTRALLY MANAGED PROCESS MINIMIZING RISK MAXIMIZING REMARKETING VALUE

CENTRALLY MANAGED PROCESS MINIMIZING RISK MAXIMIZING REMARKETING VALUE IT ASSET DISPOSITION Technology is introduced to business workflows to increase productivity and boost earnings. When the time comes to remove off-lease and end-oflife IT assets, shouldn t those goals

More information

A Guide to Minimizing the Risk of IT Asset Disposition

A Guide to Minimizing the Risk of IT Asset Disposition A Guide to Minimizing the Risk of IT Asset Disposition Who is concerned about risk? They may not think about it terms of risk, but almost everyone at your organization is worried about the chinks in its

More information

Bedford County Tennessee

Bedford County Tennessee Bedford County Tennessee Digital Media and Hardware Disposal Policy Date: 08.31.11 Approved By: Chris White Policy Number: 1 P age 1.0 INTRODUCTION 3 1.1 Authority. 3 1.2 Purpose.. 3 1.3 Scope 3 1.4 Background.

More information

Form #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services

Form #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services Data Destruction and Sanitation Program Mobile (ON-SITE) Data Destruction/Shredding Services 1 Diversified Recycling utilizes state of the art equipment for their data destruction and eradication services.

More information

Destruction and Disposal of Sensitive Data

Destruction and Disposal of Sensitive Data Destruction and Disposal of Sensitive Data Good Practice Guidelines Version: 3.0 Date: March 2015 1 Copyright 2015, Health and Social Care Information Centre. Contents 1. Introduction 3 1.2 Aims and Objectives

More information

Secure Mobile Shredding and. Solutions

Secure Mobile Shredding and. Solutions Secure Mobile Shredding and Data Erasure Solutions SECURE MOBILE SHREDDING & DATA ERASURE SERVICES... NCE s mobile shredding and data erasure service permanently destroys your data in a secure and controlled

More information

Samsung WEEE Management Policy (US and Canada)

Samsung WEEE Management Policy (US and Canada) Samsung WEEE Management Policy (US and Canada) 1. Purpose These requirements aim to minimize environmental impacts caused by all Electronic Waste generated by Samsung's US and Canadian operations and programs,

More information

Disposal & Destruction of Sensitive Data

Disposal & Destruction of Sensitive Data Disposal & Destruction of Sensitive Data Contents 1 Overview of Data Media Types 1.1 Non-Volatile Magnetic: Hard Disk Drives 1.2 Write Once Optical: CDROM and DVD- 1.3 Write Many Optical: CD-RW and DVD-RW

More information

Secure Data Destruction

Secure Data Destruction Secure Data Destruction Secure Data Elimination (Degauss) Onsite Magnetic Degaussing service eliminates data from Tape and Magnetic Hard Disk media Portable machines allow for degaussing to be competed

More information

Other terms are defined in the Providence Privacy and Security Glossary

Other terms are defined in the Providence Privacy and Security Glossary Subject: Device and Media Controls Department: Enterprise Security Executive Sponsor: EVP/COO Approved by: Rod Hochman, MD - President/CEO Policy Number: New Date: Revised 10/11/2013 Reviewed Policy Owner:

More information

Digital Data Destruction D3 Services, Inc.

Digital Data Destruction D3 Services, Inc. Audited 100% Data Destruction and Green Recycling An ISO 9002 Compliant Company GSA Catalog Nov 2009 Edition 9-03 General Service Administration Federal Supply Catalog Digital Data Destruction Services,

More information

NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12. Issue Date: 15 December 2014 Revised:

NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12. Issue Date: 15 December 2014 Revised: NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12 Issue Date: 15 December 2014 Revised: NSA/CSS STORAGE DEVICE SANITIZATION MANUAL PURPOSE AND SCOPE This manual provides guidance

More information

No More Disks. No More Data. No More Doubt. Goodbye Disks. Goodbye Doubt.

No More Disks. No More Data. No More Doubt. Goodbye Disks. Goodbye Doubt. No More Disks. No More Data. No More Doubt. Goodbye Disks. Goodbye Doubt. Data disposal can be a tricky path to navigate. You re looking for an answer, but there aren t many that are 100% reliable, can

More information

Challenges and Solutions for Effective SSD Data Erasure

Challenges and Solutions for Effective SSD Data Erasure Challenges and Solutions for Effective SSD Data Erasure Blancco White Paper Published 8 October 2013 First Edition Table of contents Introduction...3 The Simplicity And Complexity Of SSDs...4 Traditional

More information

MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER

MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER EXECUTIVE SUMMARY The combination of an increasingly mobile workforce and rapid technology innovation means organisations must work harder

More information

CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd

CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd DESTRUCTION OF DATA ON HARD DRIVES, COMPUTER STORAGE MEDIA AND HANDHELD DEVICES INCORPORATING WEEE RECYCLING MANAGEMENT Version 1 VENDOR DETAILS Data Eliminate

More information

Data Security for ITAD, Corporate & Consumer Electronics

Data Security for ITAD, Corporate & Consumer Electronics Up cy cle \ ŭp-sỳ-kil\ v (ca. 2011) 1. the action of giving devices a second life 2. the mission to keep electronics out of landfills 3. to fund important causes without writing a check 4. to nearly double

More information

UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05

UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05 UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05 I. POLICY STATEMENT Increasing amounts of electronic data are being transmitted and stored on computer systems and electronic media by virtually

More information

The nation s largest privately held records and information management company

The nation s largest privately held records and information management company The nation s largest privately held records and information management company Our mission is clear: to lead the records and information management industry by providing our clients the very best service.

More information

Arrow IT Asset Disposition Trends Report

Arrow IT Asset Disposition Trends Report IT Asset Disposition ITAD Trends Report Arrow IT Asset Disposition Trends Report The data is in, and IT-industry practitioners have made it clear that concern over data security is the number one reason

More information

Technical Reference Document Summary of NIST Special Publication 800-88: Guidelines for Media Sanitization

Technical Reference Document Summary of NIST Special Publication 800-88: Guidelines for Media Sanitization TECHNICAL REFERENCE DOCUMENT Technical Reference Document Summary of NIST Special Publication 800-88: Guidelines for Media Sanitization Recommendations Key Points: of the National Real world compliance

More information

Student Guide. informationsecurity.training@dss.mil

Student Guide. informationsecurity.training@dss.mil Short: Disposal and Destruction of Classified Information Objective POC Estimated completion time Identify the who, what, when, why, and how concerning disposal and destruction of classified information

More information

Best Practices for Responsible Disposal of Tape Media

Best Practices for Responsible Disposal of Tape Media Best Practices for Responsible Disposal of Tape Media The Environmental and Economic Benefits of Recycling vs. Destruction White Paper The Data Media Source San Jose, CA Data Media Source 2006 For use

More information

Media Disposition and Sanitation Procedure

Media Disposition and Sanitation Procedure Media Disposition and Sanitation Procedure Revision History Version Date Editor Nature of Change 1.0 11/14/06 Kelly Matt Initial Release Table of Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope...

More information

Understanding Data Destruction and How to Properly Protect Your Business

Understanding Data Destruction and How to Properly Protect Your Business Understanding Data Destruction and How to Properly Protect Your Business Understanding Data Destruction and How to Properly Protect Your Business I. Abstract This document is designed to provide a practical

More information

الدكتور عادل إسماعيل العلوي الجامعة الملكية للبنات البحرين نائب رئيس الجمعية الدولية لضبط ومراقبة نظم المعلومات

الدكتور عادل إسماعيل العلوي الجامعة الملكية للبنات البحرين نائب رئيس الجمعية الدولية لضبط ومراقبة نظم المعلومات - البحرين الدكتور عادل إسماعيل العلوي الجامعة الملكية للبنات البحرين نائب رئيس الجمعية الدولية لضبط ومراقبة نظم المعلومات Agenda The problem Traditional Methods Case Study Recommendation The problem What

More information

Responsibly Retiring IT Assets, Medical or Laboratory Equipment

Responsibly Retiring IT Assets, Medical or Laboratory Equipment Responsibly Retiring IT Assets, Medical or Laboratory Equipment Agenda Introductions David Zimet, President, Hesstech, LLC Industry Overview Key Issues When Retiring Electronic Equipment Data Security

More information

Solid-State Drives with Self-Encryption: Solidly Secure

Solid-State Drives with Self-Encryption: Solidly Secure Solid-State Drives with Self-Encryption: Solidly Secure 09/22/2011 Michael Willett Storage Security Strategist SAMSUNG SOLID STATE DRIVES Solid-State Drives SSD ADVANTAGES SOLID STATE DRIVES Save $$ on

More information

IT asset disposal for organisations

IT asset disposal for organisations ICO lo Data Protection Act Contents Introduction... 1 Overview... 2 What the DPA says... 3 Create an asset disposal strategy... 3 How will devices be disposed of when no longer needed?... 3 Conduct a risk

More information

Safe, Secure and Certified Data Destruction Solutions to meet your individual needs

Safe, Secure and Certified Data Destruction Solutions to meet your individual needs Safe, Secure and Certified Data Destruction Solutions to meet your individual needs Whether you require data destruction supplementary or exclusively to our IT disposal solution, our fully security screened

More information

Building an ITAD Program:

Building an ITAD Program: Building an ITAD Program: What Your Company Needs To Know By: Integrated Communications & Technologies Contents 3 4 6 7 8 9 Introduction Understanding The Concepts of IT Asset Disposition Evaluating by

More information

SRO Guideline SANITIZING DIGITAL MEDIA AND DEVICES

SRO Guideline SANITIZING DIGITAL MEDIA AND DEVICES Department of Culture and the Arts Government of Western Australia State Records Office of Western Australia SRO Guideline SANITIZING DIGITAL MEDIA AND DEVICES An Information Management Guideline for State

More information

Value Recovery Enterprise IT Asset Disposition

Value Recovery Enterprise IT Asset Disposition Value Recovery Enterprise IT Asset Disposition arrowvaluerecovery.com Enterprise IT Asset Disposition The world of Five Years Out is all about new thinking, new materials, new standards New everything.

More information

secure shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Secure Shredding

secure shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Secure Shredding secure shredding Secure Shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Does This Sound Familiar? I want to protect my company s reputation and

More information

Data Destruction Demystified:

Data Destruction Demystified: 010101001011100100110011000101011 001010010010101000101101011010101 010011011010001101101101100101010 010010110101001001101101101110110 001101011001000101100110110110101 010010110110110100010110100101001

More information

Table of Contents 01 How to minimize cost in the ITAD Process. 02 Four ways to maximize investment recovery

Table of Contents 01 How to minimize cost in the ITAD Process. 02 Four ways to maximize investment recovery IT Asset Manager s Guide to Disposition As the person accountable for managing the life cycle of your organization s IT assets, you have a number of unique concerns in regard to the disposition of those

More information

State of Vermont. Digital Media and Hardware Disposal Standard. Date: Approved by: Policy Number:

State of Vermont. Digital Media and Hardware Disposal Standard. Date: Approved by: Policy Number: State of Vermont Digital Media and Hardware Disposal Standard Date: Approved by: Policy Number: 1.0 INTRODUCTION... 3 1.1 Authority... 3 1.2 Scope and Purpose:... 3 2.0 STANDARD... 3 2.1 Preface... 3 2.2

More information

Office Equipment Disposal Policy

Office Equipment Disposal Policy Office Equipment Disposal Policy R ISK MANAGEMENT HANDOUTS OF L AWYERS MUTUAL LAWYERS MUTUAL LIABILITY INSURANCE COMPANY OF NORTH CAROLINA 5020 Weston Parkway, Suite 200, Cary, North Carolina 27513 Post

More information

Preventing Final Disposition Data Breaches

Preventing Final Disposition Data Breaches Preventing Final Disposition Data Breaches How to Evaluate an ITAD Vendor for Your Organization By: Jim Kegley Founder, President and CEO, U.S. Micro Corporation The IT asset disposition (ITAD) industry

More information

Approved By: Agency Name Management

Approved By: Agency Name Management Policy Title: Effective Date: Revision Date: Approval(s): LASO: CSO: Agency Head: Media Protection Policy Every 2 years or as needed Purpose: The intent of the Media Protection Policy is to ensure the

More information

Does it state the management commitment and set out the organizational approach to managing information security?

Does it state the management commitment and set out the organizational approach to managing information security? Risk Assessment Check List Information Security Policy 1. Information security policy document Does an Information security policy exist, which is approved by the management, published and communicated

More information

SJSU Electronic Data Disposition Standard

SJSU Electronic Data Disposition Standard SJSU Electronic Data Disposition Standard Page 1 Executive Summary University data is at risk as long as it is persistently stored on electronic media. This means that data must be properly cared for during

More information

Best Practices for Responsible Disposal of Linear Tape-Open (LTO) Tape Media

Best Practices for Responsible Disposal of Linear Tape-Open (LTO) Tape Media Best Practices for Responsible Disposal of Linear Tape-Open (LTO) Tape Media The Environmental and Economic Benefits of Recycling vs. Destruction White Paper Dual-Life Tape Company Dual-Life Tape Company

More information

Waste, Not! Recovering Value from Unused and Surplus IT Assets

Waste, Not! Recovering Value from Unused and Surplus IT Assets Waste, Not! Recovering Value from Unused and Surplus IT Assets A CNE Direct Whitepaper Contents 2 Introduction 3 The Asset-Value Recovery Landscape 4 Five Steps to Maximizing Asset-Value Recovery 6 Conclusion

More information

Stopping Leaks: How to Confront the Challenges of Endpoint Information Security from HDD. Whitepaper

Stopping Leaks: How to Confront the Challenges of Endpoint Information Security from HDD. Whitepaper Stopping Leaks: How to Confront the Challenges of Endpoint Information Security from HDD intimus consulting is a division of the MARTIN YALE GROUP Bergheimer Strasse 6-12 88677 Markdorf / Germany www.intimusconsulting.com

More information

FIVE BEST PRACTICES FOR PROTECTING BACKUP DATA

FIVE BEST PRACTICES FOR PROTECTING BACKUP DATA OFFSITE DATA PROTECTION FIVE BEST PRACTICES FOR PROTECTING BACKUP DATA Backup encryption should be one of many activities that formulate a comprehensive security strategy. In many environments, storage

More information

www.datasecurityinc.com 1-800-225-7554 sales@telesis-inc.com

www.datasecurityinc.com 1-800-225-7554 sales@telesis-inc.com www.datasecurityinc.com 1-800-225-7554 sales@telesis-inc.com Overview For more than 27 years Data Security Inc. has been manufacturing degaussers to support the Department of Defense (DoD) requirements

More information

T: 01 88 45 999 www.cyclonearchive.ie. Records Management Made Simple.

T: 01 88 45 999 www.cyclonearchive.ie. Records Management Made Simple. Records Management Made Simple. Document Storage Cyclone offers customers a complete end -to-end service including box collection, bar code tracking, document retrieval, delivery, and status reporting.

More information

(i.e., the user name and password) and any functions, routines, or methods that will be used to access the credentials.

(i.e., the user name and password) and any functions, routines, or methods that will be used to access the credentials. 1. Credential Policy General In order to maintain the security of MOD Mission Critical internal databases, access by software programs must be granted only after authentication with credentials. The credentials

More information

Trustworthy Mobile Security for Smartphones, Tablets, etc. Is there an App for that?

Trustworthy Mobile Security for Smartphones, Tablets, etc. Is there an App for that? Trustworthy Mobile Security for Smartphones, Tablets, etc. is there an App for that? intimus consulting is a division of the MARTIN YALE GROUP Bergheimer Strasse 6-12 88677 Markdorf / Germany www.intimusconsulting.com

More information

Sean O Leary Communications Director DestructData, Inc. February 1, 2011

Sean O Leary Communications Director DestructData, Inc. February 1, 2011 Working Summary NIST Special Publication 800-88 Guidelines for Media Sanitization: Recommendations of the National Institute of Standards and Technology Sean O Leary Communications Director DestructData,

More information

Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS

Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS Blancco White Paper Published 14 February 2013 Introduction Advanced mobile devices like

More information

This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008.

This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008. Designing a Co m p l i a n t Re c o r d Retention Policy for Your Business This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008. by Jenna

More information

Payment Card Industry (PCI) Policy Manual. Network and Computer Services

Payment Card Industry (PCI) Policy Manual. Network and Computer Services Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology

More information

Managing Records: Retention, Destruction and Disposal

Managing Records: Retention, Destruction and Disposal Managing Records: Retention, Destruction and Disposal Presentation by Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, CT April 10, 2014 Today s Program Identify the universe of records involved Distinguish

More information

Audio & Video Sanitisation & Destruction Policy

Audio & Video Sanitisation & Destruction Policy Audio & Video Sanitisation & Destruction Policy The purpose of this document is to define the standards for destruction and sanitisation of security-classified media. The cope of this standard is all media,

More information

Information Technology Services Guidelines

Information Technology Services Guidelines Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization

More information

Property Accounting Procedure Manual

Property Accounting Procedure Manual Property Accounting Procedure Manual Property Accounting Procedure 06-2013 1 Table of Contents Property Accounting Responsibilities... 3 General Guidelines Concerning Capital Equipment... 3 Acquisition...

More information

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES Cost-Effective, Legally Defensible Records Management Does This Sound Familiar? A data breach could send our share price tumbling. I need to minimise our

More information

CITY UNIVERSITY OF HONG KONG. Information Classification and

CITY UNIVERSITY OF HONG KONG. Information Classification and CITY UNIVERSITY OF HONG KONG Handling Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification

More information

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their

More information

TABLE OF CONTENTS MRK GROUP LTD CAPABILITIES 2 GSA AWARDED TERMS AND CONDITIONS 3 AWARDED GSA PRICE LIST 6

TABLE OF CONTENTS MRK GROUP LTD CAPABILITIES 2 GSA AWARDED TERMS AND CONDITIONS 3 AWARDED GSA PRICE LIST 6 GENERAL SERVICES ADMINISTRATION FEDERAL SUPPLY SERVICE 899-ENVIRONMENTAL SERVICES AUTHORIZED FEDERAL SUPPLY SCHEDULE PRICE LIST On-line access to contract ordering information, terms and conditions, up-to-date

More information

HIPAA Training for Hospice Staff and Volunteers

HIPAA Training for Hospice Staff and Volunteers HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you

More information

PCI Data Security and Classification Standards Summary

PCI Data Security and Classification Standards Summary PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers

More information

Title: Electronic Media Destruction Policy Effective Date: 28 April 2015. Electronic Media Disposal Policy Policy Number 091

Title: Electronic Media Destruction Policy Effective Date: 28 April 2015. Electronic Media Disposal Policy Policy Number 091 Document Control Title Electronic Media Disposal Number 091 Owner Information & Communication Technology Manager Contributors Information & Communication Technology Team Version 1.0 Date of Production

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

document destruction Our passion.

document destruction Our passion. document destruction Your office. Our passion. safeguard Our secure destruction service meets all the necessary compliances and helps to support ISO 9001, ISO 14001 and CSR objectives as well as improving

More information

Information retention and disposal guide. Date: 31 October 2014 Version: 2.0

Information retention and disposal guide. Date: 31 October 2014 Version: 2.0 Information retention and disposal guide Date: 31 October 2014 Version: 2.0 Contents 01. Guidelines The data challenge 5 Compliance what is it and why is it important? 6 The compliant data journey 7 Case

More information

A comprehensive tape storage solution that meets the need for back-up, archive, disaster recovery and application storage, while reducing your cost

A comprehensive tape storage solution that meets the need for back-up, archive, disaster recovery and application storage, while reducing your cost A comprehensive tape storage solution that meets the need for back-up, archive, disaster recovery and application storage, while reducing your cost of ownership. What is datassure TM? From simple labelling

More information

**************** UNCLASSIFIED / **************** Precedence: ROUTINE DTG: 281759Z Aug 12 Originator: DON CIO WASHINGTON DC(UC) UNCLASSIFIED//

**************** UNCLASSIFIED / **************** Precedence: ROUTINE DTG: 281759Z Aug 12 Originator: DON CIO WASHINGTON DC(UC) UNCLASSIFIED// **************** UNCLASSIFIED / **************** Precedence: ROUTINE DTG: 281759Z Aug 12 Originator: DON CIO WASHINGTON DC(UC) UNCLASSIFIED// FROM: DON CIO WASHINGTON DC TO: ASN(M&RA) ASN(RD&A) ASN(EI&E)

More information

OUR SERVICES... SUPPLY CHAIN SERVICES ONSITE SERVICES IT RECYCLING SERVICES

OUR SERVICES... SUPPLY CHAIN SERVICES ONSITE SERVICES IT RECYCLING SERVICES SERVICES OVERVIEW OUR SERVICES... ONSITE SERVICES Onsite Shredding Services Onsite Data Erasure Services Onsite Document Destruction Services Onsite Hard Drive Destruction Services Data Centre Decommissioning

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Recycling Electronics to Create Local Jobs for People with disabilities

Recycling Electronics to Create Local Jobs for People with disabilities A 501c3 Social Enterprise COLORADO SPRINGS ENVIRONMENTAL HEALTH & SAFETY REPORT Recycling Electronics to Create Local Jobs for People with disabilities www.bluestarrecyclers.com 2016 Blue Star Recyclers

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Page 1 of 8 Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy EXECUTIVE SUMMARY Key Messages

More information

Asset recovery Balancing risk and opportunity

Asset recovery Balancing risk and opportunity Asset recovery Balancing risk and opportunity Table of contents Executive summary...2 Risks and rewards in the asset recovery process...2 Opportunities in asset recovery...2 The challenge of the IT lifecycle...3

More information

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9 Page 1 of 9 TITLE: INFORMATION SECURITY: DEVICE AND MEDIA CONTROLS POLICY: Reasonable steps are taken to protect, account for, properly store, back up, encrypt and dispose of hardware, paper and electronic

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

University of Wisconsin-Madison Policy and Procedure

University of Wisconsin-Madison Policy and Procedure Page 1 of 6 I. Policy UW-Madison strives to ensure the privacy and security of all patient/clients protected health information in the maintenance, retention, and eventual destruction/disposal of such

More information

Copier Data Security:

Copier Data Security: Copier Data Security: A Guide for Businesses Federal Trade Commission business.ftc.gov Does your company keep sensitive data Social Security numbers, credit reports, account numbers, health records, or

More information

Copier Data Security:

Copier Data Security: Copier Data Security: A Guide for Businesses Federal Trade Commission business.ftc.gov Does your company keep sensitive data Social Security numbers, credit reports, account numbers, health records, or

More information

Contents. Instructions for Using Online HIPAA Security Plan Generation Tool

Contents. Instructions for Using Online HIPAA Security Plan Generation Tool Instructions for Using Online HIPAA Security Plan Generation Tool Contents Step 1 Set Up Account... 2 Step 2 : Fill out the main section of the practice information section of the web site.... 3 The next

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

www.williamsdatamanagement.com 323-234-3453

www.williamsdatamanagement.com 323-234-3453 www.williamsdatamanagement.com 323-234-3453 RECORDS MANAGEMENT Since 1922, Williams has provided its clients world class services and technologies ensuring the safety, security, and protection of their

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

http://www.guardianedge.com/

http://www.guardianedge.com/ Full Disk Encryption & IT Asset Disposition: Protecting Data During the PC Disposal Process A GuardianEdge White Paper 4/7/2006 The information contained in this document represents the current view of

More information

Computer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1)

Computer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1) Computer Storage Computer Technology (S1 Obj 2-3 and S3 Obj 1-1) Storage The place in the computer where data is held while it is not needed for processing A storage device is device used to record (store)

More information

Record Custodian to Health Information Steward Best Practices in Record Retention, Storage, and Destruction

Record Custodian to Health Information Steward Best Practices in Record Retention, Storage, and Destruction Record Custodian to Health Information Steward Best Practices in Record Retention, Storage, and Destruction Indian Health Services Health Information Management Meeting Sharon Lewis, MBA, RHIA, CHPS, CPHQ

More information

Hard Drive Retention Offering for Xerox Products in the United States

Hard Drive Retention Offering for Xerox Products in the United States Hard Drive Retention Offering for Xerox Products in the United States November 19, 2013 2013 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the

More information

Beazley presentation master

Beazley presentation master The Art of Breach Management Beazley presentation master February 2008 A Brief Review of Data Breaches What is a Data Breach? Actual release or disclosure of information to an unauthorized individual/entity

More information

Keep Your Data Secure: Fighting Back With Flash

Keep Your Data Secure: Fighting Back With Flash Keep Your Data Secure: Fighting Back With Flash CONTENTS: Executive Summary...1 Data Encryption: Ensuring Peace of Mind...2 Enhanced Encryption and Device Decommission in the Enterprise...3 Freeing Up

More information

There are many examples of sensitive information falling into the wrong hands. What s the worst that can happen? The worst has already happened.

There are many examples of sensitive information falling into the wrong hands. What s the worst that can happen? The worst has already happened. Data Spills Short Introduction There are many examples of sensitive information falling into the wrong hands. What s the worst that can happen? The worst has already happened. When data spills occur, they

More information

HIPAA Training for Staff and Volunteers

HIPAA Training for Staff and Volunteers HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help

More information

Get rid of it Securely to keep it Private

Get rid of it Securely to keep it Private Get rid of it Securely to keep it Private Best Practices for the Secure Destruction of Personal Health Information Information and Privacy Commissioner, National Association for Information Destruction,

More information

Protecting MIT Data. State Laws & Regulations. T. McGovern, M. Yeaton, M. Halsall, S. Burke, B. DiMattia

Protecting MIT Data. State Laws & Regulations. T. McGovern, M. Yeaton, M. Halsall, S. Burke, B. DiMattia Protecting MIT Data T. McGovern, M. Yeaton, M. Halsall, S. Burke, B. DiMattia State Laws & Regulations General Laws, Chapter 93H: Massachusetts Data Breach Law, outlines when to notify (2007) 201 CMR 17.00:

More information

www.infoshred.com LLC Your key to secure information management.

www.infoshred.com LLC Your key to secure information management. www.infoshred.com LLC Your key to secure information management. History of the Company Infoshred began in 1993 as a division of Recyclers LLC, a South Windsor, CT recycling business. Its creation was

More information

Lexmark Printers and Multifunction Products: Hard Disk and Non-Volatile Memory Guide

Lexmark Printers and Multifunction Products: Hard Disk and Non-Volatile Memory Guide Lexmark Printers and Multifunction Products: Hard Disk and Non-Volatile Memory Guide This guide applies to the following Lexmark devices: Printers C780 C782 C935 T640 T642 T644 Multifunction Products X646

More information