Media Sanitization Standard

Policy

Emory policy 5.26 Electronic Waste Disposal Policy requires that all electronic assets be disposed of via official Emory Protocols for Electronic Waste Disposal.  This policy also prohibits the sale or donation of Emory electronic assets to members of the Emory community or external third parties other than Emory’s approved electronic waste processing vendor(s).  The policy does, however, allow for the transfer of data-bearing assets under some circumstances, as long as appropriate media sanitization processes are followed before the assets are transferred. 

This Electronic Media Sanitization Standard establishes the minimum appropriate media sanitization processes to be following before transferring any data-bearing electronic assets. 

Standard Scope

This standard applies to all situations where ownership of an asset is being transferred.  Examples include the following situations:

  • Transfer of electronic media within a department. For example, a computer used by a former employee is given to a new employee.
  • Transfer of electronic media from one Emory department to another Emory department.
  • Transfer of electronic media from Emory to an external third party other than Emory’s approved electronic waste processing vendor(s). This includes sending electronic media back to a provider, such as sending a leased copier back to the leaser.

Standard

  • Wiping magnetic media is sufficient when the media has been overwritten entirely with at least one (one pass wipe) or more passes (multi-pass wipe).
  • Solid state hard drives (SSDs) must be wiped utilizing a utility that can issue an “ATA Secure Erase” command. ATA Secure Erase utilizes functions built into the device’s firmware that will securely wipe any stored data.
  • The transfer of media containing data to external third parties is allowed when that media is being transferred for the purposes of sharing data with the third party. However, if the data is sensitive or confidential it must first be encrypted before transfer. See Emory’s Disk Encryption Policy.
  • Smart devices, such as smart phones and tablets, must be wiped using their internal wiping mechanisms.

If the media will be transferred internally (not leaving Emory’s possession):

Media TypeApproved Sanitization Method(s)
Magnetic Hard DiskRe-imaging, Formatting, Wiping
Solid State Media (Solid state hard drives, flash drives, SD Cards)Re-imaging, Formatting, Wiping
Smart Devices (smart phones, tablets)Wiping (use device’s built-in wipe functions)
Optical Media (CDs/DVDs, Laser discs)None - Physical Destruction Required. See Emory’s Electronic Waste Protocol
Other Magnetic Media (Floppy disks, Zip disks, magnetic tape drives)Formatting, Wiping

If the media will be transferred externally (leaving Emory’s possession) to a party other than Emory’s approved electronic waste processing vendor(s):

Media TypeApproved Sanitization Method(s)
Magnetic Hard DiskWiping
Solid State Media (Solid state hard drives, flash drives, SD Cards)Wiping (for solid state hard drives, tools must support ATA Secure Erase. See tool list below)
Smart Devices (smart phones, tablets)Wiping (use device’s built-in wipe functions)
Optical Media (CDs/DVDs, Laser discs)None - Physical Destruction Required. See Emory’s Electronic Waste Protocol
Other Magnetic Media (Floppy disks, Zip disks, magnetic tape drives)Wiping

Disposal Services and Tools

  • Darik’s Boot and Nuke (DBAN) – Freely available wiping utility that can be used to boot a system and wipe its internal (magnetic only) drives.
  • Blanco Drive Eraser – Licensed version of DBAN that includes support for ATA Secure Erase for solid-state drives.
  • Eraser – Freely available wiping utility for Windows that can be used to erase attached media.
  • HDDErase – Freely available wiping utility that can initiate the proper ATA Secure Erase process for solid-state drives.
  • KillDisk Ultimate – Paid utility for wiping magnetic and solid-state drives.

Definitions

  • Wiping – The process of entirely overwriting media with one or more passes.
  • Formatting – Formatting media erases the existing file system and creates a new file system on the media. Formatting does not actually erase data, and it can still be recovered by special tools.
  • Re-imaging – The process of formatting and repartitioning a drive so that a new file system is created, and an operating system is installed.