Computing Equipment Retrieval
Deployed laptops, desktops, tablets, external drives, servers, and other devices containing electronic data are retrieved by IT staff, primarily in CUS, for several reasons:
- troubleshooting, upgrades, and repairs
- reallocation
- decommissioning/disposal
- sequestering for legal/forensic purposes
The guidelines below are intended to ensure the proper handling of equipment and the data that may be stored on them. They apply to all IT staff in all departments.
General Principles
- Under no circumstances shall a device be decommissioned for disposal unless all data have been securely wiped or its storage hardware has been physically rendered permanently unreadable.
- Under no circumstances shall a device be reallocated unless:
- all data have been securely wiped; or
- existing storage media have been replaced; or
- under IT professional staff supervision, the device is being reallocated to someone taking on the responsibilities of the former device user. In this case, the new user must be apprised of any data residing on the device that may be confidential.
- Under no circumstances shall student workers or anyone other than IT professional staff decide whether a device is suitable for reallocation or decommissioning.
- Under no circumstances shall student workers transport, take delivery of, wipe data, destroy storage media, or otherwise handle devices that may contain sensitive data except as directed and supervised by IT professional staff. As part of their duties, Computer Shop student receptionists may receive computing equipment delivered to the Shop directly by staff members. In these cases, student receptionists will notify professional shop staff immediately upon delivery of such equipment in order to receive guidance on appropriate handling and disposition.
- Administrative computing equipment needing repairs may be retrieved by Computer Shop professional staff. Administrative computing equipment retrieved for other purposes shall be retrieved by Computer Shop professional staff and stored in a secure location for up to two weeks (to accommodate possible data reconstruction needs). If a device qualifies for reallocation, Computer Shop staff shall ensure that data are handled as per section #2 regardless of whether the device is reallocated immediately or stored (by the Computer Shop) in anticipation of a future reallocation need. Temporary loaner computers given to administrative staff shall be collected by Computer Shop professional staff and treated as devices that qualify for reallocation.
- Devices used for academic purposes shall be retrieved by CUS staff and the data stored in a secure location for up to two weeks (to accommodate possible data reconstruction needs). CUS staff shall then ensure that data are handled as per section #2 regardless of whether the device is reallocated immediately or stored in anticipation of a future reallocation need.
Procedures for Handling Retrieved Devices
- The decision as to the disposition of a device (storage, reallocation, decommission and recycle) shall be determined by professional Computer Shop staff, in consultation with the Director of CUS, the Deputy CIO or CIO as needed.
- If a device is to be decommissioned or reallocated, its hard drive (or other storage unit) must be securely erased or removed. All removed hard drives must be physically rendered permanently unreadable.
- A written record shall be kept in the Computer Shop ticketing and inventory database for all equipment retrieved by CUS, including:
- the source/user of the device (office/person/etc)
- the date the device is received by the Shop
- the person who dropped off the device
- the person who received the device
- the date that data has been securely erased or the storage component removed by Shop staff
- disposition of the device (returned to stock, reallocation destination or decommissioned)
- date the device leaves Computer Shop storage and name of person authorizing it
updated 3/4/2020; updated 11/15/2022