o Disposing of old workstations or servers;
o Return / Disposal of workstations, servers and taken on hire; and
o Issuing workstation laptop to new users.
3.2. Destruction of Project related data
The following process should be followed before destruction of confidential and sensitive data:
o The IT Infrastructure Group should obtain a documented confirmation for the request for data destruction with approval from Process Head/Functional Head.
o The request should also contain the type of data destruction confirmed by the Process Head/Functional Head.
o The Process Head/Functional Head should send IT a list of people involved in the project.
o The IT Group shall list the assets affected and verify the data that should be destroyed. The same is confirmed with the Process Head/Functional Head.
▪ IT Group start the data process in the phases:
o Delete from the PC every team member involved in project
o Delete the data from central storage (i.e., Servers and SAN)
o the data backup tape cartridges (in case of complete data destruction)
o Delete data from other USB or external device (if available and during the project) and
o After deleting the data, the IT Group should generate a report for data destruction and send it to the concerned Head/Functional Head .
There could be two types of data destruction:
3.2.1. Partial Data Destruction
this case, data shall be deleted permanently the and central storage (i.e., Server or SAN), shall be available on backup tape cartridges. These tape cartridges shall be stored in an offsite location on a monthly/yearly basis. If the data required at a later period, can easily be recovered from the tape cartridges.
3.2.2. Complete Data Destruction
In this case, data shall be deleted from source storage available in Information Dynamics. Under this form of data destruction, data once