Secure destruction of data

We’ve recently been asked how we dispose of our hard disk drives/tapes while ensuring that sensitive data is protected.  Depending on the nature of the data we use a 2 stage method.

Media for disposal or reuse within the University

Hard disks are wiped using the freely available DBAN. I’ll use their own description of the software:

Darik’s Boot and Nuke (“DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware.

Tapes are erased using the built in library features. Completing this stage would make media suitable for internal transfer and reuse within the University.

In order to use DBAN yourself you simply need to burn a copy of the ISO which creates a bootable CD/DVD. After that simply follow the on screen instructions.

Disposal (WEEE)

If the media holding the data is to be disposed of or recycled the University has a contract for WEEE contractor-

Second Byte provide Hard drive erasure and Certificates of data destruction. Each piece of equipment is given a reference by the contractor and certificates of destruction are provided. These are stored electronically centrally.

Hard drives are removed from machines during booking in, placed in secure containers and moved to a separate area of their warehouse. Only specific members of staff are allowed to handle hard drives. All hard drives are sanitized again using DBAN working to DOD 5220.22-M with 7 passes even if clients have sanitized them or if they have asked for disposal. All hard drives that clients have asked to be destroyed are recycled after being sanitized.

Any tapes or other media are physically destroyed certificates of destruction provided.

This entry was posted in Security by James. Bookmark the permalink.

About James

I am an Infrastructure Systems Administrator in the Infrastructure Systems Group (ISG) within ISS. We are responsible for a number of the core services which support the IT Infrastructure of the University including Active Directory, Exchange, DNS, Central Filestore, VMware and SQL. I hold number of current Microsoft Certifications and am also a Symantec Certified Specialist (Netbackup)

1 thought on “Secure destruction of data

  1. A good article – and DBAN is fantastic freeware. When physically destroying hard drives, just make sure it’s a professional shredding service – 30mm or 6mm for highly sensitive data.

Leave a Reply

Your email address will not be published. Required fields are marked *