The disposal of media, computer equipment and computer software can create information security risks for Mt. San Antonio College. These risks are related to the potential unauthorized release of sensitive or confidential information, violations of software license agreements, and unauthorized disclosure of intellectual property that might be stored in hard disks and other storage media.
The purpose of this document is to establish the security procedures for the disposal of all data-containing media, including the disposal, storage, transfer or sale of computer equipment.
Employees are required to delete information from their computers if it is clearly no longer needed or potentially useful. Use of an "erase" feature (e.g., putting a document in a trash can icon) is not sufficient for sensitive information because the information may still be recoverable. Sensitive information must deleted via an overwrite program that is available from Information and Educational Technology. Contact the Help Desk for assistance.
Prior to disposal, storage media including floppy disks, CDs, zip disks, hard drives, and tapes containing sensitive information must be destroyed or properly disposed of. This may be accomplished by returning the media to Information and Educational Technology for destruction or by contacting Administrative Services to coordinate the removal of these items by the College's confidential media and document disposal company. All hardcopy containing sensitive information must be disposed of via a shredder or sent to IET for destruction. Storage media may not be donated to charity or otherwise recycled unless they have first been subjected to a zeroization (wipe/obliteration) process approved by IET.
Before computer or communications equipment is sent to a vendor for servicing, all sensitive information must be removed. Likewise before any computer or communications equipment is marked for trade-in, disposal, donation or long-term storage, all sensitive information must be destroyed. Contact the Help Desk for assistance.
All waste copies of sensitive information that are generated in the course of copying, printing, or other sensitive information handling must be destroyed according to the instructions found in this document. If a copy machine jams or malfunctions when employees are making copies of sensitive information, the involved employee should make a reasonable attempt to retrieve the information before leaving the machine.