Computing Equipment Retrieval
Deployed laptops, desktops, tablets, external drives, servers, and other devices containing electronic data are retrieved by CIS staff, primarily in ACS and CUS, for several reasons:
- troubleshooting, upgrades, and repairs
- sequestering for legal/forensic purposes
The guidelines below are intended to ensure the proper handling of equipment and of any data that may be stored on it. They apply to all CIS staff in all departments.
- Under no circumstances shall a device be decommissioned for disposal unless all data have been securely wiped or its storage hardware has been physically rendered permanently unreadable.
- Under no circumstances shall a device be reallocated unless:
  - all data have been securely wiped; or
  - existing storage media have been replaced; or
  - under CIS professional staff supervision, the device is being reallocated to someone taking on the responsibilities of the former device user. In this case, the new user must be apprised of any data residing on the device that may be confidential.
- Under no circumstances shall student workers or anyone other than CIS professional staff decide whether a device is suitable for reallocation or decommissioning.
- Under no circumstances shall student workers transport, take delivery of, wipe data, destroy storage media, or otherwise handle devices that may contain confidential data except as directed and supervised by CIS professional staff. As part of their duties, Computer Shop student receptionists may receive computing equipment delivered to the Shop directly by staff members. In these cases, student receptionists will notify professional shop staff immediately upon delivery of such equipment in order to receive guidance on appropriate handling and disposition.
- Administrative computing equipment needing repairs may be retrieved by Computer Shop professional staff. Administrative computing equipment retrieved for other purposes shall be retrieved by ACS professional staff and stored in a secure location for up to two weeks (to accommodate possible data reconstruction needs). If a device qualifies for reallocation, ACS staff shall ensure that data are handled as per section #2 regardless of whether the device is reallocated immediately or stored (by ACS or the Computer Shop) in anticipation of a future reallocation need. Temporary loaner computers given to administrative staff shall be collected by ACS professional staff and treated as devices that qualify for reallocation.
- Devices used for academic purposes shall be retrieved by CUS staff and the data stored in a secure location for up to two weeks (to accommodate possible data reconstruction needs). CUS staff shall then ensure that data are handled as per section #2 regardless of whether the device is reallocated immediately or stored in anticipation of a future reallocation need.
Procedures for Handling Devices Retrieved by ACS
- The decision as to the disposition of a device (reallocation or decommission) shall be determined in consultation with the CTO or Deputy CTO prior to leaving ACS.
- If a device is to be decommissioned then its hard drive (or other storage unit) must be securely erased or removed prior to delivery to the Computer Shop. All such removed hard drives must be physically rendered permanently unreadable. In circumstances where the secure erasure or removal of the storage unit proves too difficult (e.g., due to hardware disassembly), ACS staff will work with professional Shop staff to ensure erasure or destruction.
- If the computer is eligible for reallocation then its hard drive must be securely erased before it is put into storage, regardless of whether it is stored by ACS or transferred to the Computer Shop for general storage.
- ACS staff shall keep a written record in the Computer Shop ticketing and inventory database of all retrieved devices including:
  - the prior use of the device (office/person/etc.)
  - the date of retrieval
  - the person who performed the retrieval
  - the decision of whether to reallocate or decommission the device
  - the person(s) who made the reallocation/decommission decision
  - the date that data is securely erased or the storage unit removed and destroyed
  - the person responsible for erasing the data or destroying the storage unit
- If ACS transfers a device to the Computer Shop, either for storage or for disposal, Computer Shop staff shall keep a written record as outlined in the next section.
Procedures for Handling Devices Retrieved by CUS
- The decision as to the disposition of a device (storage, reallocation, decommission and recycle) shall be determined by professional Computer Shop staff, in consultation with the Director of CUS, the Deputy CTO or CTO as needed.
- A written record shall be kept in the Computer Shop ticketing and inventory database for all equipment retrieved by CUS, including:
  - the source/user of the device (office/person/etc.)
  - the date the device is received by the Shop
  - the person who dropped off the device
  - the person who received the device
  - the date that data has been securely erased or the storage component removed by Shop staff
  - disposition of the device (returned to stock, reallocation destination or decommissioned)
  - date the device leaves Computer Shop storage and name of person authorizing it