SACS-011

Sanitization Standard

Saudi Aramco: Company General Use


Document Responsibility: Information Security Department
SACS-011 | Issue Date: February 2021

Content

1. Purpose
2. Scope
3. Change Control
4. Policy Deviation
5. Terms and Definitions
6. Requirements for Sanitization
7. Recommended Sanitization method of Specific Media
8. Approval

1. Purpose
This standard defines the minimum requirements for ensuring that Company’s Data is
permanently removed from media before disposal or reuse to protect against unauthorized
access or disclosure.

2. Scope
This standard applies to all media assets owned, leased, operated or maintained by Saudi
Aramco.

3. Change Control
Changes made to the standard documentation will be highlighted using the following
labelling scheme.

| Status Name | Description |
|---|---|
| Modified | An existing standard or guideline that has been changed. |
| New | A new standard or guideline that has been added and approved for this release. |
| NCA | A regulatory requirement mandated by the National Cybersecurity Authority. |

4. Policy Deviation
In the event compliance with security requirements is not feasible, policy deviation must
be requested from the Information Security Department (ISD) by submitting a CRM request.

5. Terms and Definitions


Please refer to the list of terms and definitions.

6. Requirements for Sanitization

General Requirements

SS 1.1 Physical assets (hard copy or electronic media) that hold company data must
be securely sanitized or physically destroyed before being loaned,
transferred, decommissioned, donated, surplused or disposed.

SS 1.2 Media that cannot be sanitized must be destroyed. These include, but are
not limited to:
a) microfiche and microfilm;
b) optical discs;
c) programmable read-only memory;
d) read-only memory;
e) faulty media device that cannot be sanitized.

SS 1.3 Media sanitization must follow the below guidance in accordance with
Section 7 “Sanitization method” listed in this document:
a) sanitization is not needed if media is transferred within the
department with approval from the data owner;
b) apply clear method if media is being repurposed or reissued within
Saudi Aramco (not leaving Saudi Aramco’s control);
c) apply purge method if media is not being used by Saudi Aramco
(leaving Saudi Aramco’s control);
d) media must be destroyed if it reaches end of life or is not used by Saudi
Aramco.

SS 1.4 Media must be sanitized using approved software which at a minimum:
a) overwrites the entire electronic storage device making it impossible
to recover any data;
b) overwrites all sectors, blocks, tracks, and any unused disk space;
c) performs three overwrite passes and a verification pass;
d) verifies that all data has been removed successfully.

SS 1.5 Record of sanitization must be created and at a minimum include the
following information:
a) listing personnel who requested, reviewed, approved and performed
sanitization;
b) storage media information (Media Type, Vendor, Model Number,
Serial Number, Quantity);
c) sanitization type (Clear, Purge, Destroy).

SS 1.6 Records of sanitization must be maintained for verification and tracking.

SS 1.7 Labels or markings indicating the association of any media with Saudi Aramco
must be removed prior to disposal.

SS 1.8 Media devices must be secured to prevent loss or theft during preparation
and transportation to appropriate centers for disposal/sanitization.

S.1.9 United States National Security Agency (NSA) or the United Kingdom’s
National Cybersecurity Center certified degaussers must be used.

S.1.10 The degausser must render the media device permanently unusable.

S.1.11 Media devices, requiring physical destruction, must be destroyed in such a
way that the recovery of data is impossible. Destruction methods include:
a) shredding;
b) disintegration;
c) grinding;
d) crushing;
e) incineration.

S.1.12 Sanitization equipment and related process must be tested annually to
ensure data is irrevocably deleted from media devices.

S 1.13 Business, security and legal retention requirements must be complied with
prior to media sanitization.
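
The overwrite-and-verify sequence of SS 1.4 and the record of SS 1.5, as an added example (not part of the standard and not approved sanitization software). It runs against a constructed image file; the pass values 0x55/0xAA/0x00, the function names and the record field names are assumptions. A file-level overwrite like this does not reach remapped blocks on flash media, which is why Section 7 routes SSDs to the device's own purge commands.

```python
import os
import tempfile

CHUNK = 64 * 1024  # bytes written or read per I/O call

def overwrite_pass(path, value):
    """Overwrite every byte of the target with `value`, then force it to storage."""
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # works for image files and block devices
        f.seek(0)
        for start in range(0, size, CHUNK):
            f.write(bytes([value]) * min(CHUNK, size - start))
        f.flush()
        os.fsync(f.fileno())

def verify_pass(path, value):
    """Read the target back; return offset of the first wrong byte, or -1 if clean."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(value) != len(chunk):
                return offset + next(i for i, b in enumerate(chunk) if b != value)
            offset += len(chunk)
    return -1

def clear_media(path, media, personnel, passes=(0x55, 0xAA, 0x00)):
    """SS 1.4: three overwrite passes (assumed values) plus verification; returns an SS 1.5 record."""
    for value in passes:
        overwrite_pass(path, value)
    mismatch = verify_pass(path, passes[-1])
    return {
        "personnel": personnel,        # SS 1.5 a
        "media": media,                # SS 1.5 b
        "sanitization_type": "Clear",  # SS 1.5 c
        "verified": mismatch == -1,
        "first_mismatch_offset": mismatch,
    }

def demo():
    """Run against a constructed image file (about 200 KiB) standing in for a device."""
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"constructed sample data " * 8534)
    media = {"type": "USB Removable Media", "vendor": "EXAMPLE", "model": "X-1",
             "serial": "PLACEHOLDER-0001", "quantity": 1}
    people = dict(requested="A", reviewed="B", approved="C", performed="D")  # placeholders
    record = clear_media(img.name, media, people)
    os.unlink(img.name)
    return record
```

A record with `verified` set to false carries the offset of the first byte that survived, which is the point at which the media would move to Purge or Destroy.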

7. Sanitization method of specific media


Refer to the following tables for the appropriate mechanisms of performing the sanitization
method on the type of media.

Mobile Devices Sanitization

| Type of Device | Clear | Purge | Destroy |
|---|---|---|---|
| Cell phones, smart phones, PDAs, tablets, and other mobile devices | • Delete all information manually. • Perform a full reset through the device’s settings menu (refer to the device manufacturer for the method of restoring to factory default settings). | Refer to the device manufacturer (or service provider, if applicable) to identify whether the device has a Purge capability that applies media-dependent sanitization techniques to ensure that data recovery is infeasible. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |

Office Equipment Sanitization

| Type of equipment | Clear | Purge | Destroy |
|---|---|---|---|
| Copier, printer, fax, and multifunction machines | Perform a full manufacturer’s reset to reset the office equipment to its default factory settings. | Refer to the device manufacturer or service provider to identify whether the device has Purge capability to ensure that data recovery is infeasible. (Use Destroy in case Purge capability is unavailable). | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |

Flash Memory-Based Storage Device Sanitization

| Type of Media | Clear | Purge | Destroy |
|---|---|---|---|
| ATA Solid State Drives (SSDs) | Overwrite media by using organizationally approved software and perform verification on the overwritten data. If supported, use the ATA security feature set’s SECURITY ERASE UNIT command. | Apply the ATA sanitize command by using the block erase service. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |
| SCSI Solid State Drives (SSSDs) | Overwrite media by using organizationally approved software and perform verification on the overwritten data. The Clear pattern should be at least a single write pass with a fixed data value. | Apply the SCSI SANITIZE command by using the block erase service. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |
| USB Removable Media | Overwrite media by using organizationally approved software and perform verification on the overwritten data. The Clear pattern should be at least two write passes, to include a pattern in the first pass and its complement in the second pass. | Use destroy. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |
| Memory Cards | Overwrite media by using organizationally approved software and perform verification on the overwritten data. The Clear pattern should be at least two write passes, to include a pattern in the first pass and its complement in the second pass. | Use destroy. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |

Magnetic Media Sanitization

| Type of Media | Clear | Purge | Destroy |
|---|---|---|---|
| Floppies, Magnetic Disks | Overwrite media by using organizationally approved software and validate the overwritten data. The Clear pattern should be at least a single write pass with a fixed data value. | Degauss in an organizationally approved degausser. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |
| Reel and Cassette Format Magnetic Tapes | Re-record (overwrite) all data on the tape using an organizationally approved pattern, using a system with similar characteristics to the one that originally recorded the data. | Degauss in an organizationally approved degausser. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |
| ATA & SCSI Hard Disk Drives | Overwrite media by using organizationally approved software and perform verification on the overwritten data. The Clear pattern should be at least a single write pass with a fixed data value. | Degauss in an organizationally approved automatic degausser. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |

Networking Devices Sanitization

| Type of Device | Clear | Purge | Destroy |
|---|---|---|---|
| Routers & Switches | Perform a full manufacturer’s reset to reset the router or switch to its factory default settings. | Refer to the device manufacturer or service provider to identify whether the device has Purge capability to ensure that data recovery is infeasible. (Use Destroy in case Purge capability is unavailable). | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |

RAM-Based and ROM-Based Storage Device Sanitization

| Type of Media | Clear/Purge | Destroy |
|---|---|---|
| Dynamic Random Access Memory (DRAM) | • Power off device containing DRAM. • Remove device from the power source. • Remove the battery (if there is one). | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |
| Electronically Alterable PROM (EAPROM) | Perform a full chip purge as described in the manufacturer's data sheets. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |
| Electronically Erasable PROM (EEPROM) | Overwrite media by using organizationally approved and validated overwriting technologies/methods/tools. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |

Optical Media Sanitization

| Type of Media | Clear/Purge | Destroy |
|---|---|---|
| Dynamic Random Access Memory (DRAM) | N/A | Destroy in order of recommendations: • Use a commercial grinding device to remove the information bearing layers of optical media. • Incinerate optical disk media using a licensed facility. • Use an optical-disk shredder or disintegrator device to reduce the CD to particles that have a nominal edge dimension of five millimeters and surface area of twenty-five square millimeters, or smaller. |

Peripherally Attached Storage Sanitization

| Type of Media | Clear | Purge | Destroy |
|---|---|---|---|
| External Locally Attached Hard Drives. This includes, USB, Firewire, etc. (Treat eSATA as ATA Hard drive.) | Overwrite media by using organizationally approved and tested overwriting technologies/methods/tools. The Clear pattern should be at least a single pass with a fixed data value, such as all zeros. Multiple passes or more complex values may alternatively be used. | Refer to the device manufacturer to identify whether the device has a Purge capability that applies media-dependent techniques (such as rewriting, block erasing, Cryptographic Erase, etc.) to ensure that data recovery is infeasible. Use destroy if purge is ineffective. | Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator. |

Hard Copy Storage Sanitization

| Type of Media | Clear/Purge | Destroy |
|---|---|---|
| Paper and microforms | N/A, see Destroy | Destroy paper using cross cut shredders which produce particles that are 1 mm x 5 mm (0.04 in. x 0.2 in.) in size (or smaller), or pulverize/disintegrate paper materials using disintegrator devices equipped with a 3/32 in. (2.4 mm) security screen. Destroy microforms (microfilm, microfiche, or other reduced image photo negatives) by burning. |

Approval

Khalid S. Al-Harbi
Chief Information Security Officer
