Chapter 4 – Information Technology

49170.8 Sanitization and Destruction

• When no longer usable, hard drives, diskettes, tape cartridges, CDs, ribbons, hard copies, print-outs, and other similar items used to process, store or transmit sensitive or confidential data shall be properly disposed of in accordance with measures established by SAMState Administrative Manual 5900 and 1600. (See NIST 800-88, Guidelines for Media Sanitization for further assistance.)

  • Physical media (paper print-outs and other physical media) shall be disposed of by one of the following methods:

    • Shredded using department issued cross-cut shredders.

    • Placed in locked shredding bins for third party shredding to come on-site, retrieve bins and securely shred.

  • Electronic/Magnetic media (hard drives, tape cartridges, CDs, printer ribbons, flash drives, printer and copier hard drives, smart devices, etc.) shall be disposed of by one of the following methods: (See NIST 800-88, Guidelines for Media Sanitization, Appendix A for further details.)

    • Clear – applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques.

    • Purge – applies physical or logical techniques that render Target Data recovery infeasible.

    • Destroy – renders Target Data recovery infeasible and results in the subsequent inability to use the media for storage of data.

• ITInformation Technology systems that have been used to process, store, or transmit sensitive or confidential information shall not be released from the department’s control until the equipment has been sanitized and all stored information has been cleared using one of the above methods.