×

Secure Deletion Procedure

Scope:

This procedure applies to any electronic media which is required to be securely deleted because of the type of data it contains.

Purpose:

This procedure covers the process for securely deleting electronic media which either currently contains or previously contained information classified as Loyola Protected data or Loyola Sensitive data, which will be referred to as “covered data” in this procedure.

Procedure:

Hard drives

When a computer with a hard drive containing covered data is replaced, it initially will be stored in accordance with the existing equipment replacement policy.  When the hard drive would normally be placed back into circulation, it must first be securely deleted before this happens.

To securely delete a hard drive, an ITS technician will place the hard drive into a computer and boot a copy of an approved whole drive secure deletion tool, as listed in the appendix.  The ITS technician will then run the program, performing one complete overwrite.

USB drives

When a USB drive containing covered data needs to be discarded, an ITS technician will attach the USB drive to a computer and run an approved granular secure deletion tool, as listed in the appendix.  The ITS technician will then run the program, performing one complete overwrite.

Floppy diskettes, CD-Roms, DVD-Roms, and other similar media

When any form of media, which is inserted into a desktop drive, containing covered data needs to be discarded, the media must be physically destroyed.  This is most easily accomplished by using a pair of scissors to cut the media in half.  It is also acceptable to send the media through a shredding device.  This does not need to be performed by an ITS technician.

Backup tapes

When a backup tape needs to be discarded, the backup tape must be sent through a degaussing device.  Because it is difficult to determine which specific files are on which specific tape, all backup tapes are subject to this policy.  If an area has backup tapes but does not have a degaussing device, they can provide the backup tapes to ITS.  An ITS technician will then degauss the backup tapes.  Once the backup tapes are degaussed, they can be discarded.

Broken devices or media

If a device or piece of media is unable to be read, it must be either degaussed or physically destroyed.  If an area is unsure of how to do so, or does not have a degaussing device, they can contact ITS.  ITS will pick up the device or piece of media.  The ITS technician will then either physically destroy the device or degauss it, depending on which is more appropriate.

PCI Lockbox

PCI lockbox images older than 14 days will automatically be deleted from server storage daily. Results of this job will be logged to a central logging server in accordance with the Log Management Standard and emailed to appropriate ITS staff members.

PCI Servers and Network Devices

PCI servers and network devices that store Primary Account Number “PAN” information will have records containing the PAN older than 90 days will automatically be deleted from server storage daily.  Records containing the PAN on the ORACLE MICROS system, used by food services, will have records containing the PAN automatically deleted from the server older than 120 days deleted from server storage daily.

Devices containing HIPAA Related Information

Devices containing protected health information as outlined by HIPAA require additional steps to ensure no data can be retrieved from the device.  All HIPAA related devices will be erased using an approved whole drive secure deletion tool, as listed in the appendix.  The ITS technician will then run the program, performing seven complete overwrites. Any device that cannot be erased in this manner must be physically destroyed.

Appendix

Approved whole drive secure deletion tools

DBAN - https://sourceforge.net/projects/dban/ - 2.3 and above

Approved granular secure deletion Tools

Eraser - http://eraser.heidi.ie/download/ - 6.2 and above

History

  • March 12, 2008: V 1.0, Initial Procedure
  • October 8, 2014: V 1.1, Add PCI Lockbox procedure
  • June 19, 2015: V 1.1, Annual Review for PCI Compliance
  • April 13, 2016: V 1.1, Annual Review for PCI Compliance
  • May 18, 2017: V 1.1, Annual Review for PCI Compliance
  • July 20, 2017: V 1.2, Added secure deletion process for HIPAA information
  • June 12, 2018: V1.2 Annual Review for PCI Compliance
  • October 5, 2018: V1.3 Added procedure change for Micros
  • July 15, 2019: V1.3 Annual Review for PCI Compliance

Scope:

This procedure applies to any electronic media which is required to be securely deleted because of the type of data it contains.

Purpose:

This procedure covers the process for securely deleting electronic media which either currently contains or previously contained information classified as Loyola Protected data or Loyola Sensitive data, which will be referred to as “covered data” in this procedure.

Procedure:

Hard drives

When a computer with a hard drive containing covered data is replaced, it initially will be stored in accordance with the existing equipment replacement policy.  When the hard drive would normally be placed back into circulation, it must first be securely deleted before this happens.

To securely delete a hard drive, an ITS technician will place the hard drive into a computer and boot a copy of an approved whole drive secure deletion tool, as listed in the appendix.  The ITS technician will then run the program, performing one complete overwrite.

USB drives

When a USB drive containing covered data needs to be discarded, an ITS technician will attach the USB drive to a computer and run an approved granular secure deletion tool, as listed in the appendix.  The ITS technician will then run the program, performing one complete overwrite.

Floppy diskettes, CD-Roms, DVD-Roms, and other similar media

When any form of media, which is inserted into a desktop drive, containing covered data needs to be discarded, the media must be physically destroyed.  This is most easily accomplished by using a pair of scissors to cut the media in half.  It is also acceptable to send the media through a shredding device.  This does not need to be performed by an ITS technician.

Backup tapes

When a backup tape needs to be discarded, the backup tape must be sent through a degaussing device.  Because it is difficult to determine which specific files are on which specific tape, all backup tapes are subject to this policy.  If an area has backup tapes but does not have a degaussing device, they can provide the backup tapes to ITS.  An ITS technician will then degauss the backup tapes.  Once the backup tapes are degaussed, they can be discarded.

Broken devices or media

If a device or piece of media is unable to be read, it must be either degaussed or physically destroyed.  If an area is unsure of how to do so, or does not have a degaussing device, they can contact ITS.  ITS will pick up the device or piece of media.  The ITS technician will then either physically destroy the device or degauss it, depending on which is more appropriate.

PCI Lockbox

PCI lockbox images older than 14 days will automatically be deleted from server storage daily. Results of this job will be logged to a central logging server in accordance with the Log Management Standard and emailed to appropriate ITS staff members.

PCI Servers and Network Devices

PCI servers and network devices that store Primary Account Number “PAN” information will have records containing the PAN older than 90 days will automatically be deleted from server storage daily.  Records containing the PAN on the ORACLE MICROS system, used by food services, will have records containing the PAN automatically deleted from the server older than 120 days deleted from server storage daily.

Devices containing HIPAA Related Information

Devices containing protected health information as outlined by HIPAA require additional steps to ensure no data can be retrieved from the device.  All HIPAA related devices will be erased using an approved whole drive secure deletion tool, as listed in the appendix.  The ITS technician will then run the program, performing seven complete overwrites. Any device that cannot be erased in this manner must be physically destroyed.

Appendix

Approved whole drive secure deletion tools

DBAN - https://sourceforge.net/projects/dban/ - 2.3 and above

Approved granular secure deletion Tools

Eraser - http://eraser.heidi.ie/download/ - 6.2 and above

History

  • March 12, 2008: V 1.0, Initial Procedure
  • October 8, 2014: V 1.1, Add PCI Lockbox procedure
  • June 19, 2015: V 1.1, Annual Review for PCI Compliance
  • April 13, 2016: V 1.1, Annual Review for PCI Compliance
  • May 18, 2017: V 1.1, Annual Review for PCI Compliance
  • July 20, 2017: V 1.2, Added secure deletion process for HIPAA information
  • June 12, 2018: V1.2 Annual Review for PCI Compliance
  • October 5, 2018: V1.3 Added procedure change for Micros
  • July 15, 2019: V1.3 Annual Review for PCI Compliance