Ensuring Data Security for Returned Bloomberg PCs

PT-10-277
Ensuring Data Integrity for Bloomberg PC

Revision: 6.0
Revision History
Date Revision # Description of Changes
09/14/2016 1.0 Document Initiated

03/01/2017 2.0 Added contact list, green tag material number, minor edits
07/08/2017 3.1 Added COFC and SAP entry instructions to pages 11-17
07/18/2017 3.2 Updated Steps 2.5 Returning Customer PCs to Bloomberg Warehouse
10/17/2018 3.3 Updated Step 2.6 with new CRCO Bios Password resetting request
06/07/2019 3.4 Updated Step 2.1 and 2.2 adding tamper tape to PCs prior to shipment and what should be
done if Green Tag and Tape is missing
09/20/2019 3.5 Updated step 2.4 with clear direction on processing time for PCs once they are received into a
warehouse. Made changes to reflect Office Services move to Facilities.
03/11/2020 3.6 Removed contact name
08/11/2020 3.7 Updated component Inspection poster, Team name change from Asset Verification to
Inventory Controls, Added sales order as a requirement when components are found to be
missing
09/22/2020 4.0 Updated step 2.6.1 to explain the exception, Step 2.7 added name of procedure
Removed Inventory Controls and added Compliance who will now handle tickets for missing
components.
02/03/2021 5.0 Removed Wendy Lua from the contact list
12/02/2021 6.0 Updated to include BIOS reset process for the HP 800 G6. Moved procedure to new template.
Some minor edits
Revision Date: 12-2-2021

Contact a member of the Global Compliance team for further assistance.
Name Region E-Mail Address

Bill Vincent North America bvincent@bloomberg.net
John O’Shea North America joshea6@bloomberg.net
About This Document:

This procedure provides details on how to inspect PCs for hard drives and to ensure the protection of
data on Bloomberg PCs once returned.
Revision Date: PT-10-277 Ensuring Data Integrity for Bloomberg PC Revision #
12-02-2021 Procedure 6.0
Table of Contents:
1. RESPONSIBILITIES:.....................................................................................................................................3
2. PROCESS....................................................................................................................................................3
2.1 Use of Tamper Resistant Devices............................................................................................................3
2.2 PCs with missing or damaged tamper devices upon return (exc. Warehouses).....................................4
2.3 Inspection of Internal Components........................................................................................................6
2.4 Storage of PC Returns in BOS/Supply Chain Locations............................................................................7
2.5 Handling of PCs upon Return to Bloomberg Warehouses......................................................................8
2.6 Data Sanitization.....................................................................................................................................9
2.7 BIOS Password Reset Process for BBPCs...............................................................................................10
2.8 Hard Drive Destruction Validation Process:..........................................................................................11
3. DATA RECORDING PROCESS....................................................................................................................12
3.1 Chain of Custody Recording Process.....................................................................................................12
3.2 SAP Data Recording Process.................................................................................................................13
4. APPENDIX................................................................................................................................................17
4.1 Approved Shredders.............................................................................................................................17
2
12-02-2021 Procedure 6.0
1. RESPONSIBILITIES:
As part of its Chain of Custody effort, Warehouse Operations in Supply Chain have evaluated the life
cycle of PCs with an eye to ensuring the integrity of data that may reside on hard drives and non-
volatile memory modules. This document is to provide instructions on how to properly ensure the
protection of data on Bloomberg PCs.
2. PROCESS
2.1 Use of Tamper Resistant Devices
2.1.1 All PCs configured for a customer/internal order must have a tamper proof tag.
 Supply Chain places a green tamper-proof tag (mat# 10036474) onto all PCs prior to
shipment. (As of September 2015)
3
12-02-2021 Procedure 6.0
 As of July 15th 2019 Supply Chain has been adding silver taper tape (mat# 10050066)
onto all PCs as well, prior to shipment.
2.2 PCs with missing or damaged tamper devices upon return (exc. Warehouses)
2.2.1 For Customer PCs in field, the BOS Field Technician must inspect the PC to see if it has
a tamper proof tag and the Silver tape is intact
2.2.1.1 If the PC does not have a Green Tamper Proof Tag, and/or the Silver tape is broken, a
Red Tamper Proof Tag (mat# 10036545) must be attached to the PC prior to return
shipments by the BOS Field Technician
Note: Tamper proof tags are provided within the shipped replacement PC boxes,
4
12-02-2021 Procedure 6.0
for all ZRX/ZRE orders. Silver Tamper Tape not necessary for returns.
ZRX (PC REPLACEMENT) ZRE (REMOVAL)
2.2.2 All PCs (both Internal and Customer) that are returned to Non-Warehouse Locations
(BOS / Supply Chain / Facilities Office Services) must be visually inspected for a Tamper
Proof Tag.
2.2.2.1 If a Tamper Proof Tag is present on the back of the PC, process the PC as normal.
2.2.2.2 If there is a missing Tamper Proof Tag on the PC, please refer to Section 2.3.
Note: Facilities Office Service team provides the service of processing PCs back to our warehouses in
locations where there is no Supply Chain presence.
5
12-02-2021 Procedure 6.0
2.3 Inspection of Internal Components
2.3.1 If a PC is found to have missing tag or silver void tape, you must perform a visual
inspection for its internal components.
HP ELITEDESK 800 G1 - G2 PC
HP ELITEDESK 800 G3 - G6 PC
 Note: There is a video showing the inspection process located at:

G:\Admin-Shared\METRO WAREHOUSE\Video Procedures\PC Component Inspection
6
12-02-2021 Procedure 6.0
2.3.2 If any components are missing, raise an SDSK: Chain of Custody: Media Retention
(SDSK ADD 29662) for the Compliance team. Include the following information.
 Serial Number of PC in question,
 SDSK ticket PC was returned on
 Sales order PC was returned on
 List of component(s) missing.
2.3.3 Next, a Red Tamper Proof Tag needs to be attached to the PC and processed.
2.4 Storage of PC Returns in BOS/Supply Chain Locations
2.4.1 All PCs delivered to Supply Chain or Facilities Office Services are to be stored in locked
cages prior to shipment back to warehouses. They should be processed back to a
warehouse for processing in a timely manner.
Locked Cages
7
12-02-2021 Procedure 6.0
2.5 Handling of PCs upon Return to Bloomberg Warehouses
2.5.1 All PCs that return to the Bloomberg Warehouses are staged in secure locked cages.
2.5.2 All PCs returning to the warehouse must be verified for Tamper Proof Tags in the
Receiving department.
2.5.3 If the PC does not have a tamper proof tag, they must:
 Notify Compliance by raising an SDSK ticket with keywords Chain of Custody: Media
Retention or (SDSK ADD 29662).


 Enter the Material and Serial number of the PC

.
 State missing Tamper Proof Tag

 Check the PC for missing components (If needed a Production PC rep can be called on
to assist in checking for missing components)
 If no HDs or components are found to be missing, place a Red Tamper Proof Tag and
process as normal.
 If there are missing HDs or components, please note this on the SDSK ticket, move this
PC to the Production Department in SLOC 0060 QI, and bring to a Production rep. This
will trigger an investigation for further escalation.
 Note: This equipment must be moved to Production (Sloc-0060) on SAP via MB1B with
movement type 322, and have an Inspection Lot created.
8
12-02-2021 Procedure 6.0
9
12-02-2021 Procedure 6.0
2.6 Data Sanitization
2.6.1 All PCs must be sanitized (Using Blancco) within 20 calendar days of returning to the
warehouse. TWO processes must be performed.
 Sanitize (erase) data on Hard Drives using the latest Blancco sanitizing software, and
send report to the Blancco cloud.
 Reset / Clear any BIOS Passwords present on the system.
Exception: For End of Life PCs at Metro and Canning Town, a 2-man process has been implemented
for crushing Hard Drives without wiping. (PT-10-275 Hard Drive COFC Procedure)
2.6.2 If the returning PC Hard Drives are not able to be sanitized, (the PC is Out of
Spec/Designated for Sell Off) the Production reps will follow procedure (PT-10-275
Hard Drive COFC Procedure)
 Remove the Hard Drives from the PC and physically destroy them in an approved Hard
Drive shredder.
 In addition, an SDSK exception ticket must be raised under the problem type Chain of
Custody: Media Retention or (SDSK ADD 29662) explaining the circumstance.
10
12-02-2021 Procedure 6.0
2.7 BIOS Password Reset Process for BBPCs
2.7.1 HP800 G1-G5 PC BIOS Password Reset Process:
2.7.1.1 Open PC Cover

2.7.1.2 Remove Green BIOS Jumper from the motherboard
2.7.1.3 Plug in Power Cord and Power PC up
2.7.1.4 Look for HP symbol on Screen (should take 10 sec). Once you see this, you can
unplug power cord.
2.7.1.5 Reconnect Green BIOS Jumper
2.7.1.6 Power on PC. Press F-10 to enter Bios and verify that there are no passwords set.
2.7.1.7 Power down unit. The PC is now ready to be reused for future orders or to be
processed for EOL.
Note: A Video procedure showing this process can be found at
G:\Admin-Shared\METRO WAREHOUSE\Video Procedures\Resetting PC BIOS

2.7.2 HP800 G6 PC BIOS Password Reset Process:
Note: The PC model HP800 G6 does not come with the BIOS Password reset Jumper pin built in on the
system board. This was removed as an enhanced security measure. To reset the PC BIOS Password,
the following steps will need to be followed:
2.7.2.1 Place the PC on Hold and move to Quality Sloc 0090.

2.7.2.2 Connect keyboard/monitor and power on PC, simultaneously pressing F1 to load the
BIOS Screen (Repeated Presses of F1 may be required if not initially successful)
2.7.2.3 When Prompted to enter the BIOS Password, press F1 once more to access the
System Information Page.
2.7.2.4 Raise an SDSK/Quality Activities ticket (SDSK ADD 32516) and include the following
information
o Serial Number
o SKU Number
o Universally Unique Identifier (UUID) - This can be found in the service portion of
the System Information Page shown in Error: Reference source not foundError:
Reference source not found.
o Add comments to state “A BIOS password reset BIN file is required from HP:”
11
12-02-2021 Procedure 6.0
Figure 2.7A: Location of service details for G6 Password BIOS reset.

2.7.2.5 Tickets must be assigned to the Quality PC Product lead who will then communicate
this to our HP CAM based in the US.
2.7.2.6 The HP CAM will then provide a BIN file with Instructions on creating a USB Key with
the file to clear the BIOS Password set on the specific G6 PC.
2.8 Hard Drive Destruction Validation Process:
2.8.1 This validation Process is only performed at Metro and Canning Town because they
are exempt from having to Blancco EOL (end of life) PCs before they shred the Hard
Drives.
2.8.2 These locations have an IB Chat created (COFC HD VALIDATION REQUEST) for any
member of the Quality team, or any other Manager/Team Leader within the plant
(other than the Production TL), to come down and validate the Hard Drives the rep in
the Production department is requesting validation for.
2.8.3 Validators should:
 Verify the QTY of Hard Drives being destroyed (physical quantity vs what was entered
in the Chain of Custody portal)
 Spot check some of the SNs entered in the COFC portal are correct
 Accompany the rep and watch the hard drives be physically destroyed
12
12-02-2021 Procedure 6.0
3. DATA RECORDING PROCESS
3.1 Chain of Custody Recording Process
3.1.1 Open a Bloomberg terminal type in ‘COFC’. This will bring you to the Chain of Custody
portal (as outlined in the PT-10 -275 Hard Drive COFC Procedure).
3.1.2 Prepare to enter Hard Drives you have removed from EOL PCs into this Database. For
quicker processing and to avoid adding disk details incorrectly, it is best to pre-arrange
disks by like manufacturers.
3.1.3 Click on “1) Add”. This will bring up a smaller screen to where you add the Equipment
Details.
3.1.4 Enter the Hard Drive SN, the HD Manufacturer, and the Parent Serial (Chassis SN) of
the PC (or Device) the Hard Drive(s) were removed from.
3.1.5 Lastly, ensure the ‘Create with Status’ indicating Destroyed is selected
3.1.6 Once completed, click on the “2) Submit & Continue” button for rapid data input.
Repeat this until all disks are entered into our Chain of Custody Database.
13
12-02-2021 Procedure 6.0
14
12-02-2021 Procedure 6.0
3.2 SAP Data Recording Process
3.2.1 You will need to close out the Inspection Lot to release the equipment from QI to
Unrestricted
3.2.2 Log onto an SAP screen and perform the function IQ03 on one of the PC serial number
to obtain the Inspection lot number for that Material.
3.2.3 Click on the ‘History tab’
3.2.4 In this History screen you will see the Inspection Lot # (beginning with 80000######),
15
12-02-2021 Procedure 6.0
and the qty of PC’s in the Inspection Lot.

3.2.5 On a separate SAP screen, run the function QE51N.
3.2.6 Ensure that the Plant number is correct, and then enter the Material # of the PC for
which you are closing the Inspection Lot. Then press ‘Execute’ (F8).
16
12-02-2021 Procedure 6.0
3.2.7 On the left side of the screen you will see a list of Inspection lot #’s for this material,
find the correct lot # that you identified in the IQ03 screen. Open the ‘Required
Recording’ drop down window, and enter the results. (Enter the ‘Inspected’ qty (total
qty of lot)/ and 0 in the ‘Nonconf’ Field). Then hit the green check mark (save). Next,
double click on the actual Inspection lot #.
17
12-02-2021 Procedure 6.0
3.2.8 This will bring you to the ‘Record Usage Decision: Characteristic Overview’ screen. At
the bottom of the page in the Usage decision section, select a UD Code (Open Drop
down).
Note: For RMA’s use ‘RETN1340 Returns in Plant’, for PO deliveries use ‘UD1340 GR
UD’s For Plant’. For other Plants outside of Metro, the plant numbers will vary.
3.2.9 In Usage Decision, drop down select ‘R2- Rework Rejected and Wiped’.
18
12-02-2021 Procedure 6.0
3.2.10 Next, go to ‘Inspection Lot Stock’ tab. Enter the total PC qty of the lot in the ‘To
unrestricted use’ field (as outlined in the ‘To be posted’ section). Hit ‘Proposal’ to
ensure all qty’s are correctly allocated. Finally, hit the ‘save’ button to post your
results.
19
12-02-2021 Procedure 6.0
4. APPENDIX
4.1 Approved Shredders

AMS2000 HD/SSD Shredder
FlashEx SSD/Hard Drive/Tablet/Phone Shredder
20
12-02-2021 Procedure 6.0
Garner PD-5 Table Top Hard Drive Destroyer
SOLID STATE DRIVES (e.g. SATA & NVMe FORM FACTORS)
21

Ensuring Data Security for Returned Bloomberg PCs

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ensuring Data Security for Returned Bloomberg PCs

Uploaded by

Copyright:

Available Formats

PT-10-277

Ensuring Data Integrity for Bloomberg PC

09/14/2016 1.0 Document Initiated

Revision Date: 12-2-2021

Name Region E-Mail Address

John O’Shea North America joshea6@bloomberg.net

About This Document:

2.1 Use of Tamper Resistant Devices

ZRX (PC REPLACEMENT) ZRE (REMOVAL)

2.3 Inspection of Internal Components

 Note: There is a video showing the inspection process located at:

2.4 Storage of PC Returns in BOS/Supply Chain Locations

2.5 Handling of PCs upon Return to Bloomberg Warehouses

 Enter the Material and Serial number of the PC

 State missing Tamper Proof Tag

2.6 Data Sanitization

2.7 BIOS Password Reset Process for BBPCs

2.7.1 HP800 G1-G5 PC BIOS Password Reset Process:

2.7.1.1 Open PC Cover

Note: A Video procedure showing this process can be found at

G:\Admin-Shared\METRO WAREHOUSE\Video Procedures\Resetting PC BIOS

2.7.2.1 Place the PC on Hold and move to Quality Sloc 0090.

Figure 2.7A: Location of service details for G6 Password BIOS reset.

2.8 Hard Drive Destruction Validation Process:

3. DATA RECORDING PROCESS

3.1 Chain of Custody Recording Process

3.2 SAP Data Recording Process

3.2.3 Click on the ‘History tab’

and the qty of PC’s in the Inspection Lot.

4.1 Approved Shredders

FlashEx SSD/Hard Drive/Tablet/Phone Shredder

Garner PD-5 Table Top Hard Drive Destroyer

SOLID STATE DRIVES (e.g. SATA & NVMe FORM FACTORS)

You might also like