Server/Desktop Decommissioning Policy

Purpose

To protect University data by avoiding security breaches through effective hard drive decommissioning.

Policy Statement

IT personnel must follow a set of defined measures to properly destroy data on decommissioned servers and desktops.

Applies to

All university owned computers.

Responsibilities

Before decommissioning a server or desktop, the appropriate IT personnel must completely destroy the data on the hard drive(s) before the machine is taken out of service and label the machine accordingly. IT employees must follow these procedures whenever the following circumstances arise:

• When a desktop/server is upgraded and the old machine is to be sold, donated, discarded, or recycled.

• Whenever a drive is re-configured for existing or new users.

• Whenever equipment containing storage is returned to a manufacturer or other vendor for repair or warranty replacement.

The Director of Systems is responsible for ensuing that all servers have been decommissioned before they are sold, donated, discarded, or recycled.

The Director of Support Services is responsible for ensuring that all computers have been decommissioned before they are sold, donated, discarded, or recycled.

 

Title: Server/Desktop Decommissioning Policy
Approved By: Pat Cronin, Chief Information Officer
Approval Date: January 29, 2007
Date of Last Revision: February 23, 2011
Policy Category: Information Technology Division

Last Modified: February 23, 2011