Educause Security Discussion mailing list archives

hard drive destruction

From: Michael Fox <Mfox () GEORGIASOUTHERN EDU>
Date: Thu, 10 Aug 2006 10:44:51 -0400

I am working on policy and procedures for hard drive wipe/destruction. I
have most of what I need for my procedures but I have hit one sticking
point. I would like to get some input as to how others have handled this
issue.

The issue: if a hard drive that is under warranty fails most
technicians will contact the vendor, get a replacement drive and send
the "bad" drive back to the vendor. If there is sensitive information on
that drive (worst case scenario always) the vendor now has access to
that data and/or worse yet they repair the drive and sell it to someone
else.

 What do you folks do with this kind of scenario?

Any information will be a great help.

Thanks in advance,
Mike


Mike Fox
Georgia Southern University
Information Technology Services
Office of Information Security
mfox () georgiasouthern edu
(912)871-1592

Jeremiah 29:11-16

NOTE: This email message is intended only for the named recipient(s)
above
and may contain information that is privileged, confidential, and or
exempt
from disclosure under applicable law. If you have received this message
in
error, or are not the named recipient(s), please immediately contact
the
sender and delete this email message.

Current thread:

hard drive destruction Michael Fox (Aug 10)
- <Possible follow-ups>
- Re: hard drive destruction Tony Gauvin (Aug 10)
- Re: hard drive destruction Les LaCroix (Aug 10)
- Re: hard drive destruction Roy Hatcher (Aug 10)
- Re: hard drive destruction Mark T. Nardone (Aug 10)
- Re: hard drive destruction Pace, Guy (Aug 10)
- Re: hard drive destruction Barnes, Jeff (Aug 10)
- Re: hard drive destruction Jim Dillon (Aug 10)