General Description
Purpose:
Purpose of the policy is to safeguard CSUB data by removing or destroying information for computers or equipment that is either being redeployed or surplussed.
Definition:
Data is defined by the CSU Information Security Policy and Standards - CSU Data Classification Policy.
Scope:
Applies to all employees and data classified as either Level 1 or Level 2.
Policy/Procedure
It is the policy of CSUB Information Technology Services to remove and/or destroy all institutional data from any computer storage device prior to redeployment or removing equipment from campus operation via either surplus or disposal.
The primary reason for this is a concern for confidential, high risk data and software programs that may be on the computers. All computers released by campus departments must pass through an ITS standard disk wiping process before they can be redeployed, sold, donated or disposed of via the survey process.
Review (Frequency and Process)
This policy shall be reviewed every two years by the Chief Information Security Officer and provided to the Associate Vice President & CIO for approval.