Media Destruction Guidelines 
Document ID : Media disposal & destruction guidelines V2.00
Created on : December 29, 2021
Prepared By : Shaik
Approved By : Soundrrajan
 Media Destruction Guidelines 
Internal 2 of 5
  1. Scope
This   Guideline   is   applicable   to   all   the   media   assets   used   in   Information   Dynamics,  including but limited to data tapes and compact discs.
2. Purpose
The   purpose   of   this   Guideline   is   to   have   a   detailed   and   secure   disposal   /   re-use  in place for media used for storing information assets.
All   Information   Assets   of   Information   Dynamics   requiring   disposal   /downgrade   are   in  scope.
This   Guideline   is   targeted   at   all   personnel   who   have   access   to   the   information   assets  of Dynamics and are responsible for Disposal i.e.
o Asset Users & Owners
o Process/ Functional Heads
o Information Manager
o Information Management Steering committee
3. Guidelines
All   requests   for   disposal   of   an   asset   should   be   accompanied   by   an   authorized   ‘Media  Disposal   request’   form.   The   need   for   disposal   is   identified   and   approved   by   the   asset  owner. 
3.1.       Disposal  of IT Assets
Prior   to   disposal   /   removal   of   any   IT   equipment   the   IT   team   should   ensure   that   the  data the equipment backed up and is formatted /sanitized.
The steps should performed for disposal of IT assets:
The   concerned   department   on   receipt   of   the   approved   Information   Dynamics  Disposal   Request   Form   shall   sanitize   the   asset   if   required   as   per   the   following  process:
o Any Information Dynamics data on the device / resource, and software  licensed to Information Dynamics, should be removed from the asset.
 Note:  Merely deleting the files is not sufficient to achieve this, since  data recovery software could used by a new owner to "undelete" such  files. 
o disposal should be based on the guidelines prescribed in the  classification of information asset.
 Media Destruction Guidelines 
Internal 3 of 5

Restricted

Confidential

Internal

Public

Completely destroy  all magnetic media

Completely destroy  all media

Completely destroy  all magnetic media.

No special  requirements

Completely destroy  floppy diskettes.

Preferably destroy  floppy diskettes

Preferably destroy  floppy diskettes and  tapes. the  hard disk


Format disks.

hard disks



Owner to observe  and verify the same. 

Owner to observe  and verify the same. 

























o and Disk Cleaning be per the following matrix:
 Note:   containing Sensitive/ data should be destroyed rather  than securely deleted

Media

Deletion steps

Sanitization steps

Non- Rigid Disk (hard drive)

B

A,C or E.

Rigid (Zip, other)

A,B

A,C or D.

Read Many, Many (CD-RW)

B

D

Read Only (CD-ROM)

D

D

Paper/Document

D

D





















Deletion/Sanitization Steps:

A

Degauss ( nonmagnetic)

B

all addressable locations with a character

C

Overwrite all addressable locations with a character, its complement, a  random character 

D

Destroy - Disintegrate, incinerate (burn), pulverize (demolish), shred or melt.

E

Destruction only if information is contained.













o disk-space previously used by files should overwritten with  new, meaningless - some fixed pattern (e.g. binary zeroes) or  data. Similarly, the whole hard disk may not in itself  prevent the recovery old data, as it possible for disks be "unformatted".
The concerned personnel should be on disposal of the asset.
In addition, hard should be formatted in the following conditions:
 Media Destruction Guidelines 
Internal 4 of 5
o Disposing of old workstations or servers;
o Return / Disposal of workstations, servers and taken on hire; and
o Issuing workstation laptop to new users.
      3.2. Destruction of Project related data
The   following   process   should   be   followed   before   destruction   of   confidential   and  sensitive data:
o The   IT   Infrastructure   Group   should   obtain   a   documented   confirmation   for  the   request   for   data   destruction   with   approval   from   Process  Head/Functional Head.
o The   request   should   also   contain   the   type   of   data   destruction   confirmed   by  the Process Head/Functional Head.
o The   Process   Head/Functional   Head   should   send   IT   a   list   of   people  involved in the project.
o The   IT   Group   shall   list   the   assets   affected   and   verify   the   data   that   should  be   destroyed.   The   same   is   confirmed   with   the   Process   Head/Functional  Head.
IT Group start the data process in the phases:
o Delete from the PC every team member involved in project
o Delete the data from central storage (i.e., Servers and SAN)
o the data backup tape cartridges (in case of complete data  destruction)
o Delete data from other USB or external device (if available  and during the project) and
o After deleting the data, the IT Group should generate a report for data  destruction and send it to the concerned  Head/Functional Head .
There could be two types of data destruction:
3.2.1. Partial Data Destruction
this case, data shall be deleted permanently the and  central storage (i.e., Server or SAN), shall be available on backup tape  cartridges. These tape cartridges shall be stored in an offsite location on a  monthly/yearly basis. If the data required at a later period, can easily be  recovered from the tape cartridges.
3.2.2. Complete Data Destruction
In this case, data shall be deleted from source storage  available in Information Dynamics. Under this form of data destruction, data once 
 Media Destruction Guidelines 
Internal 5 of 5
deleted cannot be recovered under any situation. Given below are possible sources  of which data gets deleted:
Hard disk drive of usersdesktop
disk of servers
Storage area network
tape cartridges
Any other media such USB device, external hard disk drives, etc
      3.3. Data destruction of Hardcopies /  Printed  Data
Paper   shredders   should   be   used   to   destroy   sensitive   and   confidential   documents   that   are  not   required.   A   record   should   be   maintained   for   all   confidential   /   sensitive   data   that   has  been destroyed. 
Retention period of the record should be 12 years.  
4. 27 References
A.10.7.1 Management of removable media
A.10.7.2 Disposal media
A.10.7.3 Information handling procedure
  5. Related Documents







Disposal Request form









Record destroyed data