This Control applies to all information resources managed by the university.

The owner of an information resource, or designee, is responsible for ensuring that the measures described in this Control are implemented.

Information system users shall sanitize information system media prior to disposal, release from university control, or release for sale or reuse.

• 1.1

  Sanitization may be by such means as:

  • 1.1.1

    overwriting or modifying media to make it unreadable or indecipherable, or

    Related Resource

    See links under "Disposing of Computers"

  • 1.1.2

    physically destroying media.

• 1.2

  Disposal must be in accordance with state requirements and applicable university records retention schedules and data classification.

  Related Resource

  View Texas Government Code §441.187 Destruction of State Records
  

  Related Resource

  Review Texas Administrative Code §6.95 Final Disposition of Electronic State Records

  Related Resource

  See Texas A&M Surplus Property Procedures and e-shredding for hard drives

  Related Resource

  View Texas A&M Records Retention Schedule

Media containing Critical, Confidential or University-Internal data must be protected (e.g., encryption, sanitation, etc.) prior to releasing to any third party (unauthorized user).

Information resource owners, or desginee, shall keep a record documenting the removal and completion of sanitization of media that stored data classified as confidential or higher with the following information:

• 3.1

  Date,

• 3.2

  Description of the item(s) and serial number(s),

• 3.3

  Inventory number(s),

• 3.4

  The process and sanitization tools used to remove the data or method of destruction; and

• 3.5

  The name and address of the organization the equipment was transferred to.