IT Equipment Disposal Policy
|
|
- Francis Henry
- 8 years ago
- Views:
Transcription
1 IT Equipment Disposal Policy ACKNOWLEDGEMENTS... 2 EXECUTIVE SUMMARY ISSUES & OPPORTUNITIES Conflicting policies OBJECTIVES SCOPE Ownership Stewardship Definitions GENERAL POLICY CONSIDERATIONS Policy regarding both reuse and recycling Life Cycle Management of IT equipment Notification of reuse/recycling of IT equipment Data security Policy regarding reuse only Within the faculty, department, or service unit Within McGill University External to McGill University Software licensing Policy regarding recycling only Environmental responsibility RECOMMENDED PROCEDURES Procedures regarding both reuse and recycling Life Cycle Management of IT equipment Notification of reuse/recycling of IT equipment Data security Procedures regarding reuse only Within a faculty, department, or service unit Page1
2 5.2.2 Within McGill University External to McGill University Software licensing Procedures regarding recycling only Environmental responsibility APPENDIX A Recommended Responsibilities APPENDIX B Participants ACKNOWLEDGEMENTS The development of this policy benefitted from the participation of a diverse representation of several McGill units (a complete list of participants can be found in APPENDIX B Participants): Faculty of Arts Desautels Faculty of Management Information Security IT Customer Services Faculty of Medicine Network and Communications Services Procurement Services Office of Sustainability University Services Page2
3 EXECUTIVE SUMMARY This document recommends a policy regarding the disposal and/or reuse of unwanted IT equipment purchased with operating funds at McGill University. McGill operating funds are invested in new IT equipment to replace obsolete and end of life equipment but what happens to all this old equipment? Is there still any residual value or confidential information contained within? Does the equipment end up in the garbage, is it recycled (in a responsible manner), is it given away to employees/students, or is it donated to unknown organizations? While McGill may know how much IT equipment is purchased each year, does the University know how much is actually replaced and/or disposed of? This IT Equipment Disposal Policy (ITEDP) will address all these issues. It is an opportunity to be responsible not only for the purchase and maintenance of IT equipment with operating funds, but also for their disposal, be it by reuse (elsewhere within McGill), recycling, reselling, or destruction all in a secure (including disk wiping), responsible, and accountable manner. For functional IT equipment that can be reused elsewhere in another unit, McGill will need to implement a university wide communications tool to publicize its availability. For IT equipment destined to be recycled/destroyed, a McGill designated group the ITEDP proposes McGill Hazardous Waste Management should be authorized to collect and process the equipment in a secure and responsible manner. Finally, overseeing the life cycle management of all IT equipment at McGill University will require resources and funding. To this end, the ITEDP proposes that McGill Procurement Services be responsible for purchasing, establishing sustainability fees, amortization schedules, reuse/disposal, etc. of all IT equipment. Procurement Services and McGill IT Services will assist in determining the IT equipment value, where value refers not only to the monetary amount (Procurement Services), but also to its usefulness and to any data (confidential or otherwise) contained therein (IT Services). Page3
4 1 ISSUES & OPPORTUNITIES In an era where computers, laptops, mobile devices, printers, servers and storage as well as all their associated accessories monitors, hard drives, scanners, chargers, memory media, etc. are evolving at an ever quickening pace, today s cutting edge technology becomes obsolete in a matter of just a few years. McGill operating funds are invested in new IT equipment to replace obsolete and end of life equipment but what happens to all this old equipment? Is there still any residual value or confidential information contained within? Does the equipment end up in the garbage, is it recycled (in a responsible manner), is it given away to employees/students, or is it donated to unknown organizations? While McGill may know how much IT equipment is purchased each year, does the University know how much is actually replaced and/or disposed of? Different McGill faculties, departments, and service units use different IT equipment disposal methods. McGill can develop a process to combine the best practices of all McGill faculties, departments, and service units, and benefit from the lessons learned. IT equipment is improperly disposed of when it could be reused elsewhere within McGill. McGill can develop a process to enable all faculties, departments, and service units to reuse unused and non required IT equipment, thereby reducing expenses. Many McGill faculties, departments, and service units do not dispose of their IT equipment in an environmentally safe and responsible manner. As the University strives to be recognized as an environmentally safe and responsible institution of learning and as a model of environmentally responsible living 1, McGill can develop a process to help achieve this throughout the life cycle of IT equipment use, by promoting the purchase of environmentally preferable IT products, promoting responsible use to prolong product life and reduce unnecessary energy consumption, and assuring proper disposal practices do not contravene the Basel Convention 2. IT equipment disposal without proper guidance and control from the IT department can lead to serious security problems and software licensing violations. McGill can develop a process to ensure that all data are properly wiped from any type of IT equipment prior to its disposal. In the case of reuse, this process can ensure that prevailing software licensing agreements are respected. 1.1 Conflicting policies The University will need to address any existing conflicting policies as well as establish policy precedence regarding the purchasing of equipment with multiple fund types (e.g., research, operating). 1 Environmental Policy for McGill University ( 2 The Basel Convention ( on the Control of Transboundary Movements of Hazardous Wastes and their Disposal is the most comprehensive global environmental treaty on hazardous and other wastes. It aims to protect human health and the environment against the adverse effects resulting from the generation, management, transboundary movements and disposal of hazardous and other wastes. Page4
5 2 OBJECTIVES The IT Equipment Disposal Policy (ITEDP) aims first to propose to the Vice Principal, Administration & Finance a policy on how to properly dispose of IT equipment that is no longer needed at McGill University (see section 4). There are several factors that must be addressed with regard to proper disposal : how the equipment should be disposed of (reuse, recycle, environmental responsibility) commercial, sustainability, and security aspects existing or required procedures and/or tools The ITEDP will then recommend how this policy may be actualized and by whom (see section 5): requirements to actualize the proposed policy items suggested tactics (see APPENDIX A Recommended Responsibilities) 3 SCOPE This policy applies to any designated IT Equipment that has been purchased, in whole or in part, with McGill operating funds, capital funds, matching funds, donations, or student funds, and thus deemed to be owned by McGill University. This policy does not apply to equipment purchased entirely with research funds or private funds. IT equipment subject to this policy is equipment deemed to be no longer desirable or useable by the owner (or steward; see section 3.1.1). This may be because the equipment is obsolete, broken, end oflife, or no longer needed. This policy applies to all McGill units. Any exceptions shall be subject to approval by the Vice Principal (Administration & Finance). 3.1 Ownership The Owner of all IT equipment covered in this policy is McGill University Stewardship The Owner may delegate control to a Steward. This may typically be the fund manager of the funds used to purchase the equipment. As such, the Steward is delegated to: maintain appropriate inventory for all delegated equipment ensure the proper use of the equipment maintenance assign equipment to individual users insure the equipment (refer to Property insurance at transfer equipment dispose of zero value equipment These duties extend to equipment located or regularly used off McGill property. Page5
6 The Steward may transfer equipment between users within their domain without the express permission of the Owner or users (e.g., Administrative Desktops within a faculty). The Steward may not transfer equipment to other users outside their domain without the express permission of the Owner (e.g., Academic Laptops). 3.2 Definitions Designated IT equipment covered by this policy refers to the following equipment: desktop computers laptop computers, electronic pads, and ebook readers computer screens and television sets printers, scanners, fax machines, and photocopiers (including multi functional devices) cellular and satellite telephones, including smartphones conventional and wireless telephones, pagers, and answering machines keyboards, mouses, cables, connectors, chargers, and remote controls video game consoles and their peripherals, projectors designed for use with electronic equipment, readers, recorders, burners sound, image and wave storage devices, amplifiers, equalizers, digital receivers, and speakers designed for use with an audiovisual system portable digital players, radio receivers, docking stations for portable digital players and other portable devices, walkie talkies, digital cameras, digital photo frames, camcorders, and global positioning systems routers, servers, hard drives, memory cards, USB keys, speakers, webcams, earphones, wireless devices, and other accessories such as spare parts, etc. Used equipment refers to any IT equipment that isn t new but is still functional. Such equipment may become available because, for example, it has been replaced by different or newer equipment. End of Life (EoL) Equipment refers to any IT equipment that is too damaged, broken, or old to be functional. This equipment should be identified as material for recycling. Disposal refers to the final placement or removal of wastes, excess, and scrap under proper process and authority with no intention to retrieve. Disposal may be accomplished by recycling. Reuse refers to the re purposing (e.g., via transfer, donation, sale) of unwanted IT equipment that may still be found useful elsewhere: within the original faculty, department, or service unit within the University in another faculty, department, or service unit external to McGill University Recycling refers to the dismantling and destruction of unwanted IT equipment in an environmentally responsible manner. Recycling does not entail the refurbishment of equipment for reuse elsewhere. Page6
7 4 GENERAL POLICY CONSIDERATIONS 4.1 Policy regarding both reuse and recycling Life Cycle Management of IT equipment Life Cycle Management of all IT equipment shall be provided by McGill Procurement Services, to be funded by a sustainability fee imposed at the time of purchase of the IT equipment Notification of reuse/recycling of IT equipment For the purpose of Life Cycle Management, the Steward shall advise Procurement Services of any IT equipment being disposed of Data security Any IT equipment earmarked for disposal (reuse and recycling) must undergo a proper data cleansing process. All data must be removed, including the wiping of all hard disks and any other data storage devices found on the equipment. 4.2 Policy regarding reuse only The Steward may not unilaterally decide where or how to dispose of unwanted IT equipment. Unwanted IT equipment may not be given or sold to individuals for personal use. The Steward shall search through the following, in order, for any need for the unwanted IT equipment Within the faculty, department, or service unit The Steward shall check within their faculty, department, or service unit for an eligible recipient. Unwanted IT equipment cannot be given to to individuals for their personal use Within McGill University Should an eligible recipient not be found within their faculty, department, or service unit, the Steward shall advertise/communicate the availability the unwanted IT equipment throughout the University External to McGill University Should an eligible recipient not be found within the University, the Steward may donate the unwanted IT equipment to a recipient external to McGill University, that is on a list of eligible charities and/or nonprofit organizations approved by Procurement Services. A contract shall be signed by the recipient, absolving McGill University of any responsibility related to support or follow up Software licensing For any computer IT equipment destined for reuse, the wiped hard disk shall be subsequently re imaged with the appropriate operating system in accordance with any prevailing software licensing agreements. 4.3 Policy regarding recycling only McGill Hazardous Waste Management shall be responsible for the recycling (i.e., destruction) of unwanted IT equipment that cannot be reused anywhere within or external to the University. Only the Steward of the IT equipment is authorized to initiate the recycling procedure. Page7
8 4.3.1 Environmental responsibility Hazardous Waste Management shall ensure that all unwanted IT equipment is delivered to an eligible recycling service (approved by the McGill Office of Sustainability) that will dismantle and destroy (i.e., not reuse) the IT equipment in an environmentally responsible way. Page8
9 5 RECOMMENDED PROCEDURES 5.1 Procedures regarding both reuse and recycling Before changing the use of, transferring, or disposing of IT equipment, the Steward shall consult with all Fund Managers or other parties (e.g., student groups) who contributed to the purchase of the IT equipment. The Steward shall handle any objections by referring to the previously stated policies Life Cycle Management of IT equipment Procurement Services will be responsible for the Life Cycle Management of all IT equipment, from its acquisition to its disposal Asset management McGill University shall have an overarching sustainable procurement and asset management policy, intricately tied to the University s sustainability and environmental policies. This policy would provide general orientations for the life cycle and optimization of equipment, devices, goods, and even services purchased by McGill. At the same time, all other departments and administrative units may collaborate in this success by providing technical or specific expertise (helping to identify the most sustainable products and services) and offering day to day support to the achievement of sustainability objectives. While all members of the McGill community may play a role in attaining these objectives, Procurement Services shall provide the vision and the coordinating function to ensure McGill s sustainable use of resources. The life cycle management of used/eol IT equipment requires the establishment of clear Universitywide procedures for particular asset management purposes. Moreover, the implementation of the University s 3R (reduce, reuse, recycle) management objectives requires oversight, and the establishment of clear communications to support an optimal deployment of resources. An asset management system will be instrumental to Procurement Services in achieving these objectives. Asset tracking software will enable McGill administrators to conduct comprehensive and cost effective physical audits of the University s IT equipment Acquisition Sustainability and life cycle thinking will guide Procurement Services, encouraging them to practise the following as it applies to IT equipment: Follow the 3R hierarchy, including questioning the frequency at which equipment is renewed or deployed, promoting reuse of equipment before allowing new equipment to be purchased (although certain technological constraints are unavoidable). It also implies extending the useful life of equipment, whether within the University or externally. Identify and use (wherever possible) sustainability criteria, such as certifications and eco labels (e.g., ENERGY STAR and/or Electronic Product Environmental Assessment Tool (EPEAT) Silver and/or Gold registered products), which should be considered in purchasing decisions. Consider the broader economic, social, and environmental impacts of purchases. Track the quantities/types of equipment as well as storage systems (e.g., existence of hard drives), to help plan (from the start) future flow of used/eol equipment and related management activities. Page9
10 Implement a sustainability fee at the time of purchase to fund these life cycle management initiatives. Any IT equipment categorized as Computing Equipment (charged to account code 70006) will be depreciated over three (3) years in accordance with the amortization schedule set by the Ministère de l Éducation, du Loisir et du Sport (MELS). This will establish a schedule of residual value at the time of purchase Disposal Market value at time of disposal Procurement Services will have developed guidelines that they shall use when receiving offers from external refurbishing/reuse/recycling businesses interested in buying equipment, to efficiently and effectively define market values of IT equipment Zero value Zero value is defined by the usefulness of the equipment to McGill University. Equipment shall be disposed of in a manner consistent with this policy when the Steward, in consultation with McGill IT Services, deems the equipment to be of no useful value to McGill University. Data stored on the equipment shall be treated as a separate but related issue. All data stored on the equipment shall be properly offloaded before transfer or disposal of said equipment. In some cases, the value of the data may be greater than the value of the equipment, which may dictate a method of equipment disposal, or even the possibility of equipment transfer. Equipment that is of zero value to the University may be of value to others, as spare parts or in its entirety. The disposal process outlined in this policy includes the potential reuse of the equipment by others Notification of reuse/recycling of IT equipment In order to maintain the integrity of the Life Cycle Management of IT equipment, the Steward shall notify Procurement Services of any IT equipment being reused/recycled. This notification shall be in the form of a document, , or facsimile Data security McGill Network and Communications Services (NCS) shall be responsible for the data cleansing of any IT equipment before being made available for reuse/recycling. The removal of data remnants is an important issue that shall be taken into consideration when disposing of equipment. In many cases, even when files are deleted or disks formatted, data may still remain. This data may include confidential and/or sensitive documents, saved credentials, product keys, etc. Such data remnants have led to several high profile data loss incidents, thus a proper data cleansing process shall occur to ensure that data does not escape, even when disks are not to be reused Hard drives Hard drives are used not only in computers, laptops, and servers, but also in multi functional devices (printers, photocopiers) and some portable digital players. Hard drive wiping may be achieved through several methods which fall into three categories: software, hardware, and physical. Page10
11 Software In the case of data deletion by software, a system is told to overwrite a file/partition/disk with data on a sector by sector basis. This data may be generated via a number of algorithms, zeros, or a randomly generated character Hardware Due to increased attention given to data loss, the hard drive manufacturing industry has introduced a SecureErase feature on newer hard disks. This function, built directly into the hardware and triggered by the firmware, wipes the platters on a sector by sector basis including sectors which may not be written/read by software wiping solutions. Furthermore, since the writing is performed from within the disk and not by external software, the process is noticeably faster Physical At times, due to hardware issues, physical destruction may be necessary. This may be performed via high powered degaussing (removing the charge from the platters) or physical destruction (industrial shredding) to prevent reconstruction Solid State Drives With any emerging technology, there may be growing pains associated with the adaptation of traditional processes. One such issue arises with the introduction of Solid State Drives (e.g., USB memory keys, SD memory cards). Due to wear levelling and performance reasons, overwriting may not consistently clear content, nor will a full disk overwrite BIOS/CMOS and other memory While most of the data in an electronic device would be localized to the dedicated storage device, information may also be found in other areas. For example, the BIOS/CMOS may house configuration data containing infrastructure details, such as a common BIOS/CMOS password or an IP address for system management. While in many cases this information may not be overly critical, items such as the BIOS/boot password may hinder reuse of the device and shall be cleared as a courtesy Rules/standards/guidelines Due to the inherent dangers related to the processing and storage of certain data, many regulations have been drafted in order to help protect the data and the various entities which may be affected. Many of these regulations also specify conditions and requirements for data sanitization once the data or IT equipment has outlived its usefulness. There are several laws and regulations that relate to data retention and data sanitization on storage devices, including: Personal Information Protection and Electronic Documents Act (PIPEDA) Payment Card Industry Data Security Standard (PCI DSS) Furthermore, when dealing with data or equipment associated with various projects, agreements with the data as well as the grant stewards may contain stipulations outlining the requirements for data sanitization or destruction. Care shall be taken when signing agreements to read the fine print related to data access, in order to ensure that any additional requirements for secure erasure are met. 5.2 Procedures regarding reuse only Reuse of equipment at McGill shall be encouraged. The most sustainable and fiscally responsible way to dispose of functional IT equipment that is of zero value is to redeploy it within McGill. Page11
12 Manufacturing and EoL accounts for the majority of an IT equipment s ecological footprint, hence the most sustainable practice is to extend the life of that equipment as much as possible. To optimize the resources spent on making the equipment, it shall be used for as long as possible, reusing it as often as possible, and then recycled when no longer useable. The life of the equipment may be extended either through component upgrades (e.g., RAM) or through redeployment on or off campus Within a faculty, department, or service unit If the IT equipment is still functional, the Steward may choose to reuse the equipment within their department, provided that data security protocols and software licensing agreements have been adhered to Within McGill University Procurement Services is responsible for implementing an effective means for communicating the availability of IT equipment as required to ensure that assets are not recycled when they could be reused. Stewards shall advertise the available IT equipment for a pre determined minimum length of time External to McGill University The Steward shall select a recipient from a list of eligible charities and/or non profit organizations. The Steward may not arbitrarily donate to a charity/organization of their own choosing or preference that is not on the approved list. The list of eligible charities and/or non profit organizations shall be prepared and approved by Procurement Services, in accordance with the following criteria: The recipient organization s mission statement is in line with that of McGill s There is no conflict of interest between McGill and the recipient organization o No one at McGill stands to gain or profit from the donation The recipient organization does not appear on any Government or McGill University blacklist When donated to another, off campus location, it shall become the responsibility of the recipient to direct the IT equipment to a responsible location at the end of its life. No follow up or monitoring will be done on donated IT equipment. Procurement Services will have developed a contract to this effect, to be signed by the recipient Software licensing McGill IT Customer Services (ICS) shall be responsible for any re imaging of hard drives and installation of any supported software, always in accordance with any prevailing software licensing agreements. 5.3 Procedures regarding recycling only The Steward (with the help of IT support personnel) may determine that unwanted IT equipment is unsuitable for any reuse, and that it shall be recycled (i.e., destroyed) as arranged by Hazardous Waste Management. Page12
13 5.3.1 Environmental responsibility Hazardous Waste Management shall select a recycling service from a list of eligible recycling services. Hazardous Waste Management may not arbitrarily deliver to a recycling service of their own choosing or preference that is not on the approved list. The list of eligible recycling services shall be prepared and approved by the McGill Office of Sustainability, in accordance with the following criteria: The recycling service s mission statement is in line with that of McGill s There is no conflict of interest between McGill and the recycling service o No one at McGill stands to gain or profit from the use of this recycling service The recycling service dismantles, destroys, and recycles IT equipment in an environmentally responsible way o Their disposal practices do not contravene the Basel Convention The recycling service does not appear on any Government or McGill University blacklist Page13
14 APPENDIX A Recommended Responsibilities The following responsibility assignment (RACI) matrix illustrates who would be responsible for recommendations outlined in the ITEDP. FUNCTION HAZARDOUS IT SERVICES PROCUREMENT OFFICE OF STEWARD WASTE SECTION DESCRIPTION SERVICES SUSTAINABILITY MANAGEMENT CIO NCS ICS Life cycle management of I AR I C C IT equipment Asset management I AR C I C C C Acquisition I AR I C C Disposal I R A C I C C C Notification of reuse/recycling of IT equipment R I A I C C Data security I I I AR IR C Reuse of IT equipment Within a faculty, department, AR I I or service unit Within McGill University R A I I I External to McGill I AR C I I University Software licensing I C A R Recycling of IT equipment Environmental responsibility I R A C I Responsible Accountable Consulted Informed Info Sec Page14
15 APPENDIX B Participants This document is the result of several meetings with and the contribution of the following participating McGill faculties and departments: Faculty of Arts o Sunny Galiza o Gillian Lane Mercier o Suzanne Morton Desautels Faculty of Management o Michelle Forsythe Information Security o Dennis Hayson Wong IT Customer Services o Gary Wilkes Faculty of Medicine o Boyko Kouchev Network and Communications Services o Gary Bernstein o Ronald Pau o Debra Simpson Procurement Services o Youssef Azad o Kathy Zendehbad Reboot McGill o Joshua Kyle Office of Sustainability o Dennis Fortune o Kathleen Ng University Services o Christian Bouchard Page15
McGill University IT Asset Management Regulation
Publication Date May 8, 2015 Revision V 1.1 McGill University IT Asset Management Regulation OVERVIEW McGill University seeks to provide its community with the necessary IT equipment, infrastructures and
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationWHO SHOULD READ THIS POLICY
NEW YORK UNIVERSITY Asset Management Policies & Procedures (October, 2010) POLICY STATEMENT New York University requires every school, department, or unit to acquire, record, inventory, and dispose of
More informationFederal Sustainable Print Management Policy Template
Introduction The policy language in this document is provided as an example of the type of language your organization can include in a print management policy, directive, memorandum, or guidance (in italics
More informationU.S. DEPARTMENT OF THE INTERIOR OFFICE OF SURFACE MINING RECLAMAION AND ENFORCEMENT DIRECTIVES SYSTEM
U.S. DEPARTMENT OF THE INTERIOR OFFICE OF SURFACE MINING RECLAMAION AND ENFORCEMENT DIRECTIVES SYSTEM Subject: Hardware and Software Management Approval: Brent Wahlquist Subject Number: IT-2 Transmittal
More informationGuidance on Personal Data Erasure and Anonymisation 1
Guidance on Personal Data Erasure and Anonymisation Introduction Data users engaged in the collection, holding, processing or use of personal data must carefully consider how to erase such personal data
More informationSEC Partner Teleconference September 29, 2010
SEC Partner Teleconference September 29, 2010 What is the Problem? Computer hardware is expected to last 7 years Equipment purchased by institutional and commercial buyers is used for an average of 3 years
More informationPolicy: Information Technology Refresh Policy
IT Refresh Policy Policy: Information Technology Refresh Policy Policy Statement CITATION REFERENCE Official Title: Information Technology Refresh Policy Abbreviated Title: IT Refresh Policy Volume: CCGA
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationWorkstation Management
Workstation Management Service Description Version 1.00 Effective Date: 07/01/2012 Purpose This Service Description is applicable to Workstation Management services offered by MN.IT Services and described
More informationHARD DRIVE REMARKETING
A PUBLICATION BY HORIZON TECHNOLOGY THE SUPPLY CHAIN PROFESSIONAL S GUIDE TO HARD DRIVE REMARKETING THE INTRODUCTORY GUIDE TO HARD DRIVE DISPOSITION & REMARKETING TO MAXIMIZE COMPANY PROFIT TABLE OF CONTENTS
More informationForm #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services
Data Destruction and Sanitation Program Mobile (ON-SITE) Data Destruction/Shredding Services 1 Diversified Recycling utilizes state of the art equipment for their data destruction and eradication services.
More informationPolicy for the Re-use and Disposal of Computers, other IT Equipment and Data Storage Media
Policy for the Re-use and Disposal of Computers, other IT Equipment and Data Storage Media The University has legal obligations to ensure that all computers, IT equipment, and data storage media (e.g.
More informationUniversity of Liverpool
University of Liverpool IT Asset Disposal Policy Reference Number Title CSD 015 IT Asset Disposal Policy Version Number v1.2 Document Status Document Classification Active Open Effective Date 22 May 2014
More informationInformation Technology Asset Management: Control and Compliance
Information Technology Asset Management: Control and Compliance Information Technology Asset Management is the oversight and management of an organizations IT assets hardware, software and associated service
More informationElectronic Crime Scene Investigation: A Guide for First Responders, Second Edition
APR. 08 Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition Cover photographs copyright 2001 PhotoDisc, Inc. NCJ 219941 Chapter 1. Electronic Devices: Types, Description,
More informationTechnology Evergreening
IT 02 Technology Evergreening Classification: Responsible Authority: Executive Sponsor: Approval Authority: Date First Approved : 2006.02.01 Date Last Reviewed: 2011.11.23 Mandatory Review Date: 2016.11.23
More informationState of Vermont. Digital Media and Hardware Disposal Standard. Date: Approved by: Policy Number:
State of Vermont Digital Media and Hardware Disposal Standard Date: Approved by: Policy Number: 1.0 INTRODUCTION... 3 1.1 Authority... 3 1.2 Scope and Purpose:... 3 2.0 STANDARD... 3 2.1 Preface... 3 2.2
More informationGreen IT 2012: Sustainable Electronics
Green IT 2012: Sustainable Electronics DOE Sustainability Assistance Network July 19, 2012 Cate Berard Federal Electronics Challenge and EPA Jeff Eagan Office of Sustainability Support (HS 21) 1 Outline
More informationGrasmere Primary School Asset Management Policy
Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationCITY UNIVERSITY OF HONG KONG. Information Classification and
CITY UNIVERSITY OF HONG KONG Handling Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationAsset Management Ireland (AMI) The secure IT Asset Disposal Company that generates revenue for your business
Asset Management Ireland (AMI) The secure IT Asset Disposal Company that generates revenue for your business Allow AMI to unlock the value in your redundant IT equipment by extending the lifecycle of your
More informationWe are the solution. erecycling. We have the solution. made easy.
We have the solution. erecycling made easy. Nowadays, business and technology go hand in hand. But what happens to those old or unwanted electronics? The answer, more often than not, is: nothing. We stack
More informationDell Service Description
Dell Service Description IT Asset Donation - EMEA Introduction Dell is pleased to provide Asset Resale and Recycling Services (the Service(s) ) in accordance with this service description (the Service
More informationRowan University Data Governance Policy
Rowan University Data Governance Policy Effective: January 2014 Table of Contents 1. Introduction... 3 2. Regulations, Statutes, and Policies... 4 3. Policy Scope... 4 4. Governance Roles... 6 4.1. Data
More informationMOUNT HOLYOKE COLLEGE. LITS Computer Replacement and Support Strategy for Faculty and Staff Computers
MOUNT HOLYOKE COLLEGE Revised 3/27/12 LITS Computer Replacement and Support Strategy for Faculty and Staff Computers This document outlines the Computer Replacement and Support Strategy for faculty and
More informationStandard Information Communications Technology. Multifunction Device. January 2013 Version 2.2. Department of Corporate and Information Services
Standard Information Communications Technology January 2013 Version 2.2 Corporate and Information Services Document details Document Title Contact details File name Version 2.2 Date issued January 2013
More informationSome important words and phrases:
Some important words and phrases: Cloud Computing Open Source software/application Proprietary brand software/application Accelerometer Wireless charging mat Bandwidth Latency IMAP/4 POP3 SMTP Cloud computing
More informationFIXED ASSET GUIDELINES
2010 FIXED ASSET GUIDELINES ISSUED APRIL 2010 Table of Contents 1.0 INTRODUCTION... 1 2.0 DEFINITIONS... 1 3.0 DEFINING FIXED ASSETS... 2 3.1 Explanation of what constitutes a MUN fixed asset.... 2 3.2
More informationPayment Card Industry (PCI) Policy Manual. Network and Computer Services
Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology
More informationSMTD Computer Hardware and. Software Asset Inventory Policy
SMTD Computer Hardware and Software Asset Inventory Policy Effective Date: May 18, 2015 Purpose: With a considerable amount of computer hardware and peripherals both on and off-campus, maintaining an accurate
More informationARKANSAS TECH UNIVERSITY
ARKANSAS TECH UNIVERSITY INVENTORY CONTROL MANUAL SEPTEMBER 2005 PROPERTY MANAGEMENT OFFICE 204 BRYAN EXT. 6087 FAX 968-0227 INTRODUCTION The purpose of this Inventory Manual is to present a uniform method
More informationHardware and Software
Hardware and Software Purpose Bellevue School District (BSD) provides and requires faculty, staff and students to use data processing equipment and peripherals. BSD maintains multiple computer systems
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More informationPOLICY ON COMPUTER PROVISIONING
Effective Date: July 1, 2013 Supersedes /Amends: November 16, 2010 Originating Office: Office of the Vice-President, Services Policy Number: VPS-32 PURPOSE Client Computers (as defined below) are intended
More informationCSG Windows Support Policy
CSG Windows Support Policy This document describes the policies for service and support of computers running Microsoft Windows used by faculty and staff in the departments of Computer Science, Mathematics
More informationAxis Technologies Computer Hardware and Electronics Portfolio Categories
Axis Technologies Computer Hardware and Electronics Portfolio Categories SEPTEMBER 2008 Barebone Accessories Barebone Systems Media Center Barebone Systems Mini / Booksize Barebone Systems Bluetooth Headsets
More informationLOCAL E-CYCLING RESOURCES
LOCAL E-CYCLING RESOURCES Best Buy Dell Inc. Gateway Location: 217 Independence Blvd and 3334 Princess Anne Road What they accept: In store recycling programs include: cell phones, rechargeable batteries
More informationA Guide to Minimizing the Risk of IT Asset Disposition
A Guide to Minimizing the Risk of IT Asset Disposition Who is concerned about risk? They may not think about it terms of risk, but almost everyone at your organization is worried about the chinks in its
More informationLaptops, Notebooks, & Netbooks. Tablet Computers. Servers, Server Modules, & Data Storage Equipment
Laptops, Notebooks, & Netbooks Tablet Computers Servers, Server Modules, & Data Storage Equipment Portable Audio Video Products Baby Monitors & Camera Systems Digital & Non-Digital Cameras (Includes traditional
More informationWhy does the program purchase computers instead of leasing them?
General Questions What is the FAS Refresh Program? Harvard University Information Technology (HUIT) provides a computer lifecycle management service to FAS departments, including acquisition, set up, management,
More informationPOLICY AND PROCEDURE FOR THE DISPOSAL OF AN ASSET
POLICY AND PROCEDURE FOR THE DISPOSAL OF AN ASSET POLICIES Scope Assets are the property of the University and it is therefore essential that the act of disposing of an asset is in accordance with University
More informationTable of Contents General Policy for service provided by the CLAS Linux Support team... 2
Table of Contents General Policy for service provided by the CLAS Linux Support team... 2 Overview... 2 Defined Support... 2 Support... 2 Operating Systems... 2 Support Restrictions... 3 Software Support...
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationAsset Management Equipment Redeployment And Termination Services. A Service Offering From Data Center Assistance Group, Inc.
DCAG Data Center Assistance Group, Inc. Revision Date: 5/20/2013 Asset Management Redeployment And Termination Services A Service Offering From Data Center Assistance Group, Inc. (DCAG) Prepared by: Thomas
More informationINFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY
INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY Version: 1.4 Ratified by: Date Ratified: 14 October 2014 Name of Originator/Author: Name of Responsible Committee/Individual: Date issued:
More informationBTEC First Diploma for IT. Scheme of Work for Computer Systems unit 3 (10 credit unit)
BTEC First Diploma for IT Scheme of Work for Computer Systems unit 3 (10 credit unit) Overview On completion of this unit a learner should: 1 Know the of 4 Be able to. Num of hours Teaching topic Delivery
More informationHow To Destroy Data From A Hard Drive
Safe, Secure and Certified Data Destruction Solutions to meet your individual needs Whether you require data destruction supplementary or exclusively to our IT disposal solution, our fully security screened
More informationIntroduction and Purpose... 2 Scope... 2 Auxiliary units... 2. Part-Time, Temporary faculty/staff, Volunteer, Contractor and Student Assistants...
Contents Workstation Refresh & Virtual Desktop Infrastructure Program Introduction and Purpose... 2 Scope... 2 Auxiliary units... 2 Part-Time, Temporary faculty/staff, Volunteer, Contractor and Student
More informationCity of Columbia, MO Information Technologies
City of Columbia, MO Information Technologies Strategic Plan 2016 2019 Vision Our vision is to enable the City to achieve its strategic goals and objectives, match technology to changing business needs,
More informationInformation Security Operational Procedures Banner Student Information System Security Policy
Policy No: 803 Area: Information Technology Services Adopted: 8/6/2012 Information Security Operational Procedures Banner Student Information System Security Policy INTRODUCTION This document provides
More informationSTCC Hardware & Equipment Policy
STCC Hardware & Equipment Policy The Help Desk will be the primary point of contact for all related support requests. The preferred method of contact is via email at helpdesk@stcc.edu or, if email is unavailable,
More informationAmes Consolidated Information Technology Services (A-CITS) Statement of Work
Ames Consolidated Information Technology Services (A-CITS) Statement of Work C.1 Mission Functions C.1.1 IT Systems & Facilities Support System Administration: The Contractor shall provide products and
More informationDublin City University
Asset Management Policy Asset Management Policy Contents Purpose... 1 Scope... 1 Physical Assets... 1 Software Assets... 1 Information Assets... 1 Policies and management... 2 Asset Life Cycle... 2 Asset
More informationDIVISION OF INFORMATION SECURITY (DIS)
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Information Systems Acquisitions, Development, and Maintenance v1.0 October 15, 2013 Revision History Update this table every time a new
More informationROYAL AUSTRALASIAN COLLEGE OF SURGEONS Division Resources Ref. No. RES-INT-010 Department Information Technology Asset Management
1. PURPOSE AND SCOPE The purpose of this policy is to define the management of Iinformation Technology (IT) assets of the IT at the Royal Australasian College of Surgeons (the College). 2. KEYWORDS, Assets,
More informationRemote Desktop Services
Remote Desktop Services White Paper November 2014 Maximizing the Value and Performance of QuickBooks Enterprise with Remote Desktop Services Formerly known as Windows Terminal Services, Remote Desktop
More informationThat s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail.
Why Zak Enterprises? Information contained on the hard drives of retired computers must be destroyed properly. Failure to do so can result in criminal penalties including fines and prison terms up to 20
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004L Payment Card Industry (PCI) Physical Security (proposed) 01.1 Purpose The purpose
More informationAcceptable Use Guidelines
Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines
More informationBuilding an ITAD Program:
Building an ITAD Program: What Your Company Needs To Know By: Integrated Communications & Technologies Contents 3 4 6 7 8 9 Introduction Understanding The Concepts of IT Asset Disposition Evaluating by
More informationOffice Equipment Disposal Policy
Office Equipment Disposal Policy R ISK MANAGEMENT HANDOUTS OF L AWYERS MUTUAL LAWYERS MUTUAL LIABILITY INSURANCE COMPANY OF NORTH CAROLINA 5020 Weston Parkway, Suite 200, Cary, North Carolina 27513 Post
More informationMobile Device Policy
Mobile Device Policy Purpose of this Document This document describes the policy for the management of mobile devices. This document will be reviewed every 12 months Author: Matt Mason Version: 1.1 Date:
More informationO.R.C. 5120.01; 5120.22
STATE OF OHIO SUBJECT: PAGE 1 OF 7 Inventory, Donation, Transfer & Disposal of DRC IT Hardware & NUMBER: 05-OIT-21 Software RULE/CODE REFERENCE: O.R.C. 5120.01; 5120.22 SUPERSEDES: 05-OIT-21 dated 09/13/11
More informationCOMPUTER REPLACEMENT PROGRAM GUIDELINES AND PROCEDURES
COMPUTER REPLACEMENT PROGRAM GUIDELINES AND PROCEDURES Information Technology Services (ITS) is implementing guidelines for replacing desktop and laptop computers on a three (3) year cycle as allowed by
More informationFor FY 2016 the new Desktop Support Program rates will be: Business Class - $481/device Enterprise Class - $721/device
Division/Department Representative Dear Rep, The Desktop Support Program is announcing changes to our rates for FY 2016. As a Cost Recovery Service we are expected to recover expenses related to the operations
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationHIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as
HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as required by HIPAA. 1. Definitions. a. Business Associate, as used in this Contract, means the
More informationTukwila School District #406. Technology Department 4205 South 142nd Street Tukwila, WA 98168 (206) 901-8080. Computer and Phone Support Handbook
Tukwila School District #406 Technology Department 4205 South 142nd Street Tukwila, WA 98168 (206) 901-8080 Computer and Phone Support Handbook Revised: July 2009 Table of Contents Network Systems Department
More informationAGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader
AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION
More informationINFORMATION SECURITY GUIDELINES
INFORMATION SECURITY GUIDELINES TABLE OF CONTENTS: Scope of Document 1 Data Definition Guidelines (Appendix 1).2 Data Protection Guidelines (Appendix 2).3 Protection of Electronic or Machine- Readable
More informationIT Security Standard: Computing Devices
IT Security Standard: Computing Devices Revision History: Date By Action Pages 09/30/10 ITS Release of New Document Initial Draft Review Frequency: Annually Responsible Office: ITS Responsible Officer:
More informationInformation Technology Services Guidelines
Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationLook around any workplace and you see Information Technology (IT) assets. If you are working in an average office environment, you probably have a
1 Look around any workplace and you see Information Technology (IT) assets. If you are working in an average office environment, you probably have a computer monitor with a CPU at your desk along with
More informationIntroduction. PCI DSS Overview
Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,
More informationUF IT Risk Assessment Standard
UF IT Risk Assessment Standard Authority This standard was enacted by the UF Senior Vice President for Administration and the UF Interim Chief Information Officer on July 10, 2008 [7]. It was approved
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More information$2.25 $1.20. Display device w/ diagonal screen size: 29 : $9.00 30 45 : $19.00 46 : $35.00
EPRA Nova Scotia S AND CLARIFICATIONS Revised PHASE 1 OBLIGATED AS OF: FEBRUARY 1, 2008 OBLIGATED DESKTOP A computer terminal designed to reside on a desk COMPUTERS or similar work surface PORTABLE COMPUTERS
More informationHIPAA RISK ASSESSMENT
HIPAA RISK ASSESSMENT PRACTICE INFORMATION (FILL OUT ONE OF THESE FORMS FOR EACH LOCATION) Practice Name: Address: City, State, Zip: Phone: E-mail: We anticipate that your Meaningful Use training and implementation
More informationPurpose: To comply with the Payment Card Industry Data Security Standards (PCI DSS)
Procedure Credit Card Handling and Security for Departments/Divisions and Elected/Appointed Offices Last Update: January 19, 2016 References: Credit Card Payments Policy Purpose: To comply with the Payment
More informationInformation Technology Acceptable Usage Policy
Information Technology Acceptable Usage Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly
More informationState HIPAA Security Policy State of Connecticut
Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.
More informationIT Asset disposition services
IT Asset disposition services Serverhuset help you do business while following the EU-directive on WEEE Table of contents We help our customers become more cost efficient and environmentally friendly by
More informationSOAS Controlled Procedure CP-PP06 IT Asset Management Procedure
SOAS Controlled Procedure CP-PP06 IT Asset Management Procedure Page 1 of 6 Martin Whiteside Version 1.1 March 2015 CP-PP06 IT Asset Management Procedure 1 Document Overview This document provides the
More informationSeptember 28 2011. Tsawwassen First Nation Policy for Records and Information Management
Tsawwassen First Nation Policy for Records and Information Management September 28 2011 Tsawwassen First Nation Policy for Records and Information Management Table of Contents 1. RECORDS AND INFORMATION
More informationSustainability. Your Partner In Green IT & Bottom Line
Electronic Greenscape Waste Eco Management & Sustainability Your Partner In Green IT & Bottom Line Industry Background Greenscape Eco Management was incepted in late 2007 with an aim to formulate new value
More informationb. USNH requires that all campus organizations and departments collecting credit card receipts:
USNH Payment Card Industry Data Security Standard (PCI DSS) Version 3 Administration and Department Policy Draft Revision 3/12/2013 1. Purpose. The purpose of this policy is to assist the University System
More informationIT Strategic Plan INFRASTRUCTURE PROPERTIES AND PLANNING
IT Strategic Plan INFRASTRUCTURE PROPERTIES AND PLANNING 2016-2019 Purpose The purpose of this document is to provide the general scope and direction for information technology (IT) in Infrastructure Properties
More informationIT Trading UK Ltd Computer & IT Equipment Disposal Specialists
IT Trading UK Ltd Computer & IT Equipment Disposal Specialists Unit 4A Scott's Close, Downton Business Centre, Downton, Salisbury, Wiltshire, SP5 3RA Tel: 01725 513403 Fax: 01725 513714 Email: info@it-trading.co.uk
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationOverview. Responsibility
Overview Property management is an important function at the University. Prudent inventory practices help protect the University s multi-million dollar investment in equipment, provide documentation needed
More informationCOLORADO COMMUNITY COLLEGE SYSTEM SYSTEM PRESIDENT S PROCEDURE ELECTRONIC COMMUNICATIONS MANAGEMENT AND RETENTION PROCEDURES
Page 1 of 6 SP 3-125d COLORADO COMMUNITY COLLEGE SYSTEM SYSTEM PRESIDENT S PROCEDURE ELECTRONIC COMMUNICATIONS MANAGEMENT AND RETENTION PROCEDURES EFFECTIVE: June 14, 2009 REFERENCE: BP 3-125; Electronic
More informationAsset Management Procedure
1 Purpose Effective asset management and capital expenditure are essential to the continuity, development and growth of Victoria University of Wellington ( the University ). They are closely linked to
More informationCITY OF CARLSBAD CLASS SPECIFICATION ADMINISTRATOR, CLIENT SYSTEMS ADMINISTRATOR
CITY OF CARLSBAD CLASS SPECIFICATION JOB SERIES: DEPARTMENT: CLIENT SYSTEMS ASSOCIATE ADMINISTRATOR, CLIENT SYSTEMS ADMINISTRATOR INFORMATION TECHNOLOGY Distinguishing Features and Summary Description:
More informationHow To Manage Records And Information Management In Alberta
8. RECORDS AND INFORMATION MANAGEMENT Overview This chapter is intended to help public bodies understand how good records and information management practices assist in the effective administration of
More information