Why is Data Sanitization and Disposition Policy Important?

1. Why is Data Sanitization and Disposition Policy Important? Massive proliferation of data, complex data storage systems and system replacements make data systems sanitization and disposition planning an important requirement for businesses so they can protect their data, their clients and their reputation from unauthorized access.  https://sphaera.net/services/migration-decommission-and-data-destruction/

2. Step 1: Understand your storage media ecosystem • In order to ensure a complete assessment of vulnerable data storage, “the initial system requirements should include hardware and software specifications as well as interconnections and data flow documents that will assist the system owner in identifying the types of media used in the system,” recommends the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-188, Revision 1.

3. Understanding Complexity of Storage Systems • There are many layers in a storage system, including storage media and storage devices, which can complicate the data sanitization process. Sanitization of storage media follows a different protocol than sanitization of storage devices that are used to retrieve data. For instance, monitors, may have sensitive data “burned into the screen” (NIST SP 800-88 Rev 1) and may require a different sanitization procedure than sanitization of storage media. Therefore, understanding the storage system in your organization is an important first step in creating a sound data sanitization and disposition policy.

4. Organizing Storage Media by Type • Types of storage media can have important implications for the correct sanitization method to be applied. For instance, magnetic storage media or Hard Disk Drives (HDDs) need to be sanitized and disposed of differently than a flash memory-based storage media. Similarly, there’s optical media, such as CDs and DVDs, where data is written and read with a laser. Data sanitization of optical media usually involves removal of data bearing layers, and then incinerating or shredding the device. Having a clear organization of data bearing media and involved storage devices will help you plan for recommended sanitization protocols.

5. Cataloging Storage Media Details • Along with rapid technological advances in storage media, the sanitization technology is also evolving. It’s important to deploy the right sanitization standards for storage media from a compliance perspective. For instance, the current degaussing technology, that demagnetizes strips that store data in HDDs, is not effective on emerging magnetic recording media. Similarly, if you have encrypted data stored on your systems, an emerging sanitization method, such as Cryptographic Erase (CE), may be a preferred method.

6. Mapping interconnections • Media flows in and out of organizational control through data migration projects, out to vendors for equipment repairs, and hot swapped into other systems in response to hardware or software failures. This potential vulnerability can be mitigated through proper understanding of how data is interconnected across owned, leased and retired media, so sanitization and decommissioning of one does not impact the uptime of other systems.

7. Contact US • sales@sphaera.net • tel:1-800-705-2619 • 7850 NE Nicholas Ct., Suite A Hillsboro, OR 97124 • https://sphaera.net/