Re: Quick Survey: How do you "dispose" of outbound hard drives??

[Chris Green <cmgreen () UAB EDU>]

Degaussing used to be our standard disposal method for Equipment Accounting.  We found, even when properly performing 
the degauss per vendor instructions, that it was often possible to read data and it was too easy to not follow the 
instructions.  One solution was to buy a better destruction tool but it was easier to give everyone a place to dump 
them and we ferry them to an 50hp industrial shredder on campus that we already had to destroy other types of waste.   

It's not the DOD "fine mesh" but chipped HDs seemed reasonable. 

http://main.uab.edu/Sites/it/faqs/57722/
http://main.uab.edu/Sites/it/documents/80781.pdf

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Perry, 
Jeff
Sent: Wednesday, September 29, 2010 3:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Quick Survey: How do you "dispose" of outbound hard drives??

Good points all around (re: dod vs EDU).

> Michael wrote: " higher ed typically doesn't play in the "blinding
white flash" arena, so I'd recommend AGAINST trying to apply those rules in this environment."

This is indeed why we stuck to degaussing as our "nuclear option" and didn't go with a degauss+physical shredder policy 
(and the noise and cost and mess associated with it).  The method that each division/school must use on our campus is 
stipulated in our data classification policy.
We have a matrix that basically says "if the system is rated Category 1 and is moving to another Category 1 use 
internally do XYZ. " If it's moving down (cat 1 -> 2) internally do 123"  "If it's leaving us entirely do ABC".