University units are required (SPG 520.1) to remove all software and/or files from university-owned computers prior to recycling or resale of used or surplus equipment. From Standard Practice Guide 520.1, Section IV, Item D:
Any equipment which records or stores materials of a proprietary nature, material which is protected by federal or state statute (such as the Health Insurance Portability and Accountability Act which protects privacy of patient information or Human Subjects regulations), or which has material with separate copyright issues must have this material/data removed before disposition. Most notable are computer drives, which must be cleared of all software and files prior to disposition.
The task of preparing computers for disposition at UM-Dearborn falls on personnel throughout campus. In most cases, these personnel are in positions within the Information Technology career family. In some cases, they are in positions outside the IT career family, yet have responsibility for declaration of surplus computers. Regardless of position title, personnel who declare surplus computers are responsible for ensuring those computers have been properly prepared for disposition. The procedures described in this document provide guidance for such personnel by defining the minimum requirements.
In some areas at UM-Dearborn, personnel may identify data sets that warrant more strict assurance of confidentiality than the procedures described in this document will provide. In such cases, these procedures are not definitive and personnel should employ methods that meet their area's unique, elevated requirements. The ITS Security Group (umd-its-security (at) umich.edu) is available to assist with an independent analysis of requirements in such cases.
These procedures were developed through collaboration among IT staff from various UM Dearborn departments. The procedures are organized under four, higher-level approaches. The procedures do not contain detailed instructions. If detailed instructions are needed, please contact the ITS Security Group (umd-its-security (at) umich.edu).
1. Wipe the drive while the it's still in the computer.
While this approach is the most simple, it also requires the most time up front. In the case where one person is responsible for preparing only a few computers for disposition at a time, this approach is often preferred. It involves booting an intact computer from a CD or other external media that does not stay with the computer. Once booted in this manner, a software utility is used to overwrite all data on any installed hard drives. This process is commonly called "wiping". A minimum requirement of wiping is that it must overwrite the entire drive at least once, ensuring that data cannot be recovered using normal system functions or software data recovery utilities. Two software utilities commonly used at UM Dearborn to do this are:
- For Windows and Linux Systems: DBAN (Darik's Boot And Nuke), available from www.dban.org
- For Apple/Mac systems: Apple Disk Utility, included with Mac OS X
Once the entire drive has been overwritten with at least one pass, the computer is ready for disposition.
2 .Remove the drive from the computer.
This approach has the advantage of quickly preparing a computer for recycling, resale, etc. In cases where several computers must be prepared for disposition at once, this approach is often preferred. Any hard drives installed in the computer are physically removed and retained in a secure, on-campus location for future wiping or destruction. A computer that has no hard drives installed is ready for disposition.
3. Wipe a drive that's not installed in a computer.
This approach typically involves a hard drive that was previously removed from a computer under approach #2. The process and example utilities in this approach are similar to those of approach #1. The difference being that the hard drive must be connected to a computer that will be used to run a software utility rather than using the computer that originally contained the hard drive. As with approach #1, once the entire hard drive has been overwritten with at least one pass, it is ready for disposition.
4. Destroy a drive that's not installed in a computer.
When attempts to use approach #1 or #3 are unsuccessful, as when a hard drive malfunctions and does not respond properly, physical destruction is often the last resort. Also, physical destruction is sometimes chosen for its convenience; it takes less time to damage a hard drive with power tools than it does to overwrite it with a software utility.
One method for destroying a hard drive is to use an external hard drive shredding service. The University's office of Property Disposition can coordinate hard drive shredding for UM units. Contact Property Disposition for more information.
As an alternative to contracting a hard drive shredding service, departments may elect to destroy a drive using internal resources. If proper care is not taken, physically destroying a hard drive can pose a safety risk for the personnel involved. The following methods have been used on campus and do satisfy the requirements of SPG 520.1, but they are not encouraged due to the associated risk of personal harm.
- Disassemble the drive and remove the platters.
- Drill holes into the hard drive, at least deep enough to breach the platters inside. The minimum number of holes per hard drive may be a subject for debate, but a minimum of four holes is generally recommended.
Once a hard drive has been damaged to the point that repair is not feasible, it is ready for disposition.