Server Decommissioning and Data Sanitization Policy
EDC Inc Server Decommissioning and Data Sanitization Policy
This policy outlines the procedures and responsibilities for decommissioning servers and sanitizing data at EDC Inc. It is designed to ensure that all decommissioned servers and data are handled in a secure and compliant manner.
Scope
This policy applies to all EDC Inc employees, contractors, and third parties who are responsible for the decommissioning of servers and the sanitization of data. This includes, but is not limited to, the IT Server Operations, IT Server Build Operations, IT-SOC, Corporate Physical Security, IT Security Operations, IT Monitoring Operations, IT Database Operations, and IT Audit and Compliance departments.
Policy
Server Decommissioning
When a server is no longer needed, it must be decommissioned in a secure and controlled manner. The decommissioning process is managed by the IT Server Operations department and includes the following steps:
- Approval for decommissioning must be obtained from the IT Director.
- The server must be removed from Active Directory and the CMDB inventory management tool.
- All data on the server must be backed up and securely stored.
- The server must be physically secured and its access logs reviewed by the Corporate Physical Security department.
- The server must be wiped clean of all data and software.
- The server must be physically destroyed or disposed of in a secure and environmentally friendly manner.
Data Sanitization
Before a server is decommissioned, all data stored on it must be sanitized. The data sanitization process is managed by the IT Security Operations department and includes the following steps:
- All data must be backed up and securely stored.
- All data must be permanently deleted from the server.
- The server must be wiped clean using approved data sanitization methods.
- The data sanitization process must be documented and verified by the IT Audit and Compliance department.
Responsibilities
All EDC Inc employees, contractors, and third parties involved in the decommissioning of servers and the sanitization of data are responsible for complying with this policy. This includes obtaining the necessary approvals, following the prescribed procedures, and documenting their actions.
Exceptions
Any exceptions to this policy must be approved by the IT Security department. This includes servers that are not patched every 30 days due to an IT Exception. In such cases, the IT Security department must review and approve the exception, and the server must be monitored closely by the IT Monitoring Operations department.
Enforcement
Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract. Any suspected violations of this policy should be reported to the IT-SOC department immediately.
Review and Update
This policy will be reviewed and updated annually by the IT Audit and Compliance department to ensure that it remains relevant and effective.
Summary
The Server Decommissioning and Data Sanitization Policy at EDC Inc is designed to ensure that all decommissioned servers and data are handled in a secure and compliant manner. It outlines the procedures and responsibilities for decommissioning servers and sanitizing data, and applies to all EDC Inc employees, contractors, and third parties involved in these processes. Any exceptions to this policy must be approved by the IT Security department, and any suspected violations should be reported to the IT-SOC department immediately. This policy will be reviewed and updated annually by the IT Audit and Compliance department.