Educause Security Discussion mailing list archives

Re: hard drive destruction


From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Thu, 10 Aug 2006 09:21:32 -0700

For desktop systems, where drives may outlast the warranty and
replacement cost would be about $80 to $120, that may be true. But for
server systems, the "keep the drive" option is a definite advantage.
When a drive goes bad in an array, you should keep it and send it for
approved destruction when Dell (or whatever vendor) replaces it. This
happens often enough in servers and drive arrays that "just replacing"
would be cost prohibitive when the drives cost about $300 to $500 each
and you might get two or three drive failures in a server array in a
year.

I struggle with this since drives sent back are often "refurbished" and
reused. Clean-room rebuilds of drives can re-use a number of the drive
parts. Destruction just makes more material for landfills, some of it
toxic. Generally, there isn't enough information on a single drive in a
RAID5 array that returning the drive to the vendor poses a significant
risk. Much of this is driven by organizational or regulatory mandates.
If there were a reliable way to ensure that a dead drive could be
cleaned of all data prior to returning it to the vendor, I would be all
for that.

Reduce, reuse, recycle. 


Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724

gpace () cis ctc edu


-----Original Message-----
From: Roy Hatcher [mailto:rhatcher () PITTSTATE EDU] 
Sent: Thursday, August 10, 2006 8:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] hard drive destruction

At least with Dell, when you purchase a new computer, for about $20
more, you can add 'Keep your Hard Drive' for 1-4yrs. 3 years being the
default for $16.20.
With that, you can get a warranty replacement drive without having to
send the old one back.

While it could certainly be convenient to do it that way, it seems like
it would be more cost effective to just go ahead and buy a new drive
anytime an old one goes bad, instead of adding $20 to every new computer
purchase.

-rh

--
Roy Hatcher
Systems Administrator
Pittsburg State University
620.235.4071
rhatcher () pittstate edu



Les LaCroix wrote:
We don't go to the vendor for warranty hard drive replacement.  We put
in a new hard drive and send the old one for destruction to the same
place that old drives go when we retire computers.  There's a cost
issue, and there's the question on whether or not the computer's
warranty is now invalid.  But it doesn't happen often enough that we
worry about it.

Les LaCroix
Associate Director of Network Services
Carleton College

Michael Fox wrote:

I am working on policy and procedures for hard drive wipe/destruction.
I have most of what I need for my procedures but I have hit one
sticking point. I would like to get some input as to how others have
handled this issue.

The issue: if a hard drive that is under warranty fails, most
technicians will contact the vendor, get a replacement drive and send
the "bad" drive back to the vendor. If there is sensitive information
on that drive (worst case scenario always) the vendor now has access
to that data and/or worse yet they repair the drive and sell it to
someone else.
 
 What do you folks do with this kind of scenario?
 


