Professional Documents
Culture Documents
IS - PROC - 012 - Procedure For Data Disposal Ver.6.0
IS - PROC - 012 - Procedure For Data Disposal Ver.6.0
Table of Contents
1. INTRODUCTION .........................................................................................................................................................4
1.1. Overview ............................................................................................................................................................ 4
1.2. Scope ................................................................................................................................................................. 4
2. DETAILED PROCEDURES ..............................................................................................................................................4
2.1. HDD to be reused within the organisation ........................................................................................................ 4
2.2. HDD to be Discarded.......................................................................................................................................... 6
2.3. Data needs to be recovered from external Party .............................................................................................. 6
2.4. Wiping Data from USB Drives. ........................................................................................................................... 7
2.5. Disposing CD/DVD ........................................................................................................................................... 10
Document Control
Change Record
14/06/2013 Akshata Thakur 5.0 Added new field “Next Review Date”
Approval Sign-off
1. Introduction
1.1. Overview
Utilities such as FORMAT only create new FAT and ROOT tables, leaving all previous data on the disk intact and
recoverable. Moreover, an image of the replaced FAT and ROOT tables is stored, so that the UNFORMAT command can
be used to restore them. Other utilities such as FDISK merely clean the Partition Table (located in the drive's first
sector) and do not clean or erase anything else.
The Disposal and Destruction policies of Capita mandates that all information must be destroyed or disposed of from
external or common storage media, when no longer needed. By external or common storage media we mean
CD/DVD/USB and hard drives of pool laptops. Further, this policy is also applicable when desktops are assigned to
different users.
This document describes procedures for sanitizing various types of data storage media.
1.2. Scope
This procedure is applicable to all equipment that is owned or leased by Capita India or in charge, possession, custody
or control of the Capita India.
All the references to Capita India Pvt. Ltd. should include Ventura India Pvt. Ltd. as well.
2. Detailed Procedures
To achieve this objective a Hard Disk Data wiping Application shall be used.
Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers.
DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an
appropriate utility for bulk or emergency data destruction.
DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a
computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or
thoroughly hinders all known techniques of hard disk forensic analysis.
The DBAN application will overwrite all addressable storage and indexing locations on the drive with zeros and/or
random data for each single pass. For this reason, the overwriting software should be used with caution as data is
erased completely without possibility of recovery.
The data can be sanitised by following the instructions below:
a. Obtain a bootable floppy disk/USB key containing the DBAN application from IT-Operations Team.
b. With the PC power off, insert the bootable DBAN USB key.
c. Start the PC by turning on the power. Select the USB as the 1 Boot option in the BIOS; and you should see the
st
following screen.
f. The time utilized to complete format will be based upon the size of Harddisk capacity and the type of format
selected.
g. The application will continue to operate on its own without human intervention. The following screen will
confirm the wipe process.
h. In order to use any erased HDDs again, you will need to:
OR
Data stored on Hardisks which need to be discarded shall be degaussed or the platters shall be removed and
destroyed physically by cutting or shredding them in shredders.
In cases when data gets corrupted or due to failure of the HDD circuit board, there would be cases where
harddisk needs to be taken out to third party vendors for data retrieval. In such cases the HDD would be sealed,
and accompanied by a document from the server team which would suffice as a gate pass. A NDA between the
vendor and Capita Offshore Services should be signed and only then the HDD should be handed over to the
vendor for data to be retrieved. The retrieved data from the vendor could be collected on DVDs or on a new
Harddisk.
The platters of the old HDD given to the vendor for data retrieval would be taken back from the vendor and
shredded or physically destroyed after a successfully data recovery assurance from the server team. This would
ensure on loss of Data due to negligence.
“Eraser” is a free tool, which allows you to completely remove sensitive data from your hard drive by overwriting it
several times with carefully selected patterns.
b. Launch the application; you will see the following interface. Right click and select “New Task”.
NOTE: You can also use this software to ERASE files and folders.
f. After the erasing is over you will see the following conformation screen.
A CD/DVD shredder should be used to physically destroy a CD/DVD that is no longer needed. Incase if the
shredder is not available, then one can manually break the disk into small pieces.
Modern copy machines and printers have a similar hard drive to those found in PCs and laptops. These
machines automatically store any document that has been printed or copied on the hard drive. This means
that copy machines and printers may contain sensitive data on the hard drive which must be destroyed. This is
often an overlooked security issue which could result in a data breach.
One must ensure that the printer Hard Disks are wiped similar to the computer hard disk by using specialized
software (e.g. Dban, Blancco etc…). Situations where hard disks could not be wiped then it must be physically
destroyed / degaussed.