IT 09 101 Electronic Media Sanitization 07 22 2010 by 9yrqxC81

VIEWS: 7 PAGES: 2

									                                   DEPARTMENT OF MANAGEMENT SERVICES
                                          ADMINISTRATIVE POLICY

                                                                     POLICY NUMBER
 TITLE: Electronic Media Sanitization
                                                                       Information
 EFFECTIVE: July 1, 2009                                               Technology
 REVISED:                                                                 09-101




PURPOSE

This policy identifies the minimum standards to use when disposing of electronic media
that may contain confidential and/or exempt information.

SCOPE

This policy is applicable to all DMS employees, and pertains to DMS-owned electronic
equipment.

AUTHORITY

Florida Administrative Code: 60DD-2.009

DISTRIBUTION

  The following individuals
  should be notified of this                    Method of Notification
           policy
 All DMS Employees              Information Security Awareness Training
                                DMS communications via employee e-mail
                                 distribution list
                                DMS Web site
 DMS Division Directors         E-Mail from the Chief Information Officer (CIO) at
                                 initial roll-out
 DMS IT Staff, Retirement       DMS IT Status Meeting; E-Mail memorandum from
 IT Services contract            the CIO to DMS IT Services contract managers
 manager,
 Telecommunications IT
 Services contract manager




Page 1 of 2                                    DMS Policy No. Information Technology 09-101
DEFINITIONS

       Word/Term                                     Definition
 Electronic Media          Forms of media that contain electronic bits and bytes for data
                           storage. This includes hard drives, magnetic tape, optical
                           storage, memory devices and networking equipment.
 Sanitization              The process of removing data from media, so that the data
                           may not be retrieved or reconstructed.


POLICY

DMS is committed to protecting confidential and/or exempt information.

 All electronic media devices, including hard disk drives, magnetic tape, optical storage
drives, and electronic circuit memory devices that may contain confidential and/or
exempt information must be properly sanitized in accordance with the publication
"Guidelines for Media Sanitization: Recommendation of the National Institute of
Standards and Technology, (NIST) Special Publication 800-88”, prior to repurposing
outside of the Division of ownership, or leaving the custody of the department for
disposition.

Media disposition or repurposing must be accomplished by the DMS IT program within
the Division of Administration. Equipment disposition by another division must be
approved by the Chief Information Officer.

The Information Security Manager shall maintain a copy of the NIST publication
"Guidelines for Media Sanitization”, and ensure all employees responsible for
sanitization follow its guidelines.


RESPONSIBILITIES

     Individual
                                               Responsibilities
     or Group
 Information            Maintain a current copy of Guidelines for Media Sanitization:
 Security Manger         Recommendation of the National Institute of Standards and
                         Technology, and make available to DMS IT teams responsible
                         for disposition.
 DMS IT                 Maintain awareness of and follow acceptable sanitization
                         practices.
 Division               Ensure adherence to this policy.
 Directors



ASSOCIATED FORMS

None.

Page 2 of 2                                      DMS Policy No. Information Technology 09-101

								
To top