To avoid covered data remnants from being accessed by unauthorized parties in legacy covered devices, follow the recommendations below to delete covered data before retiring the covered device. RecommendationsÄuring a covered device’s lifecycle, it may need to be retired for various reasons such as upgrades, migration or project closing. Unauthorized parties can acquire unencrypted data stored on the device. Storage media are prone to physical theft and loss. For those devices that cannot be overwritten (defective hard drives, CDs/DVDs), Resource Custodians must ensure the device is destroyed prior to disposal. Resource Custodians must ensure that any systems (laptops, workstations, and servers) and devices (smartphones, USB drives) storing covered data must be securely overwritten or wiped using an approved secure file deletion utility upon decommission of the device to ensure that the information cannot be recovered. The recommendations below are provided as optional guidance to assist with achieving the Secure File Deletion requirement. UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.
0 Comments
Leave a Reply. |