Statement

WTAMU sanitizes information system media prior to disposal, release out of University control, or release for reuse using approved and reliable sanitization techniques and procedures in accordance with applicable federal and organizational standards and policies; and employs sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

Prior to the sale or transfer of data processing equipment to other than another Texas state agency or agent of the state, state organizations shall assess whether to remove data from any associated storage device. Electronic state records shall be destroyed in accordance with §441.185, Government Code. If the record retention period applicable for an electronic state record has not expired at the time the record is removed from data process equipment, the state agency shall retain a hard copy or other electronic copy of the record for the required retention period.

If it is possible that restricted personal information, confidential information, mission critical information, intellectual property, or licensed software is contained on the storage device, the storage device should be sanitized or the storage device should be removed and destroyed. Additional information on sanitization tools and methods of destruction (that comply with the Department of Defense 5220.22-M standard) are provided in the “Sale or Transfer of Computers and Software” guidelines available at DIR WEBSITE.

The University shall keep a record of the date items have storage devices removed for sanitation or destruction.  As well as a record of the sanitation or destruction date and method utilized.