Educause Security Discussion mailing list archives
Re: hard drive destruction
From: "Mark T. Nardone" <m.nardone () NEU EDU>
Date: Thu, 10 Aug 2006 12:08:40 -0400
With warranty repairs we use CBE as our vendor. We have established protocols with them for HD swaps, they will replace the drive and the original warranty drive comes to ITSecurity for data wiping. Normally this is just a 5 working day delay in the return of the drive to CBE. 90% of the time the drives are functional enough to be wiped using either our KillDisk boot disk, or in some cases our Encase Forensic hardware. In the very few instances where neither is possible we will swap the drive for an equivalent to go to the vendor, and we send the original for destruction. So far this has worked fairly well. Mark Mark T. Nardone IT Security Analyst Northeastern University 448 Columbus Place Boston , MA 02115 617.373.7901 (desk) 617.335.5082 (mobile) 617.373.4354 (fax) m.nardone () neu edu Northeastern AUP ================================================= This message may contain confidential or sensitive information, and is intended only for the addressed individuals. If you are not a named addressee, or if you have received this message in error, we ask your cooperation to refrain from disseminating, distributing or copying this e-mail, and request that you delete it from your device. ================================================= Michael Fox <Mfox () GEORGIASOUTHERN EDU> 08/10/2006 10:44 AM Please respond to The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To SECURITY () LISTSERV EDUCAUSE EDU cc Subject [SECURITY] hard drive destruction I am working on policy and procedures for hard drive wipe/destruction. I have most of what I need for my procedures but I have hit one sticking point. I would like to get some input as to how others have handled this issue. The issue: if a hard drive that is under warranty fails most technicians will contact the vendor, get a replacement drive and send the "bad" drive back to the vendor. If there is sensitive information on that drive (worst case scenario always) the vendor now has access to that data and/or worse yet they repair the drive and sell it to someone else. What do you folks do with this kind of scenario? Any information will be a great help. Thanks in advance, Mike Mike Fox Georgia Southern University Information Technology Services Office of Information Security mfox () georgiasouthern edu (912)871-1592 Jeremiah 29:11-16 NOTE: This email message is intended only for the named recipient(s) above and may contain information that is privileged, confidential, and or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately contact the sender and delete this email message.
Current thread:
- hard drive destruction Michael Fox (Aug 10)
- <Possible follow-ups>
- Re: hard drive destruction Tony Gauvin (Aug 10)
- Re: hard drive destruction Les LaCroix (Aug 10)
- Re: hard drive destruction Roy Hatcher (Aug 10)
- Re: hard drive destruction Mark T. Nardone (Aug 10)
- Re: hard drive destruction Pace, Guy (Aug 10)
- Re: hard drive destruction Barnes, Jeff (Aug 10)
- Re: hard drive destruction Jim Dillon (Aug 10)