Media Sanitization (MP-6)

Description

Media sanitization refers to information system media subject to disposal or reuse, whether or not the media is removable. This includes media in scanners, copiers, printers, laptop computers, workstations, network components and mobile devices (e.g., hard drives, flash drives, and other storage media).

Applicability

This Control applies to all information resources managed by the university.
The owner of an information resource, or designee, is responsible for ensuring that the measures described in this Control are implemented.

Implementation

1
Information system users shall sanitize information system media prior to disposal, release from university control, or release for sale or reuse.
- 1.1
  Sanitization may be by such means as:
  - 1.1.1
    overwriting or modifying media to make it unreadable or indecipherable, or
    
    Related Resource
    
    See links under "Disposing of Computers"
  - 1.1.2
    physically destroying media.
- 1.2
  Disposal must be in accordance with state requirements and applicable university records retention schedules and data classification.
  
  Related Resource
  
  View Texas Government Code §441.187 Destruction of State Records
  
  Related Resource
  
  Review Texas Administrative Code §6.95 Final Disposition of Electronic State Records
  
  Related Resource
  
  See Texas A&M Surplus Property Procedures and e-shredding for hard drives
  
  Related Resource
  
  View Texas A&M Records Retention Schedule
2
Media containing Critical, Confidential or University-Internal data must be protected (e.g., encryption, sanitation, etc.) prior to releasing to any third party (unauthorized user).

Media Protection (MP)

Media Sanitization (MP-6)

Description

Applicability

Implementation

Need Help with IT Policy?

Support

FAQs

Glossary