19.10 / Retirement of Computing and Information Technology Resources

  1. Initiating Authority

    The Chief Information Security Officer serves as the initiating authority.

  2. Purpose

    The purpose of this statement is to set forth University policy with regard to required practices for retirement of University computing and information technology resources.

  3. Preamble

    It is an unacceptable practice for personal data and information to remain on University computing and information technology resources upon the cessation of use of those resources by a University department, office or group. Additionally, it may be a violation of a software license to permit software to remain on such resources upon their retirement.

  4. Policy

    1. No University computing and information technology resources may be forwarded to the University Physical Plant Warehouse for salvage, sale or redistribution until and unless Information Technology Services or departmental technical personnel has determined that all data, information and/or software has been permanently deleted from said resources (in accordance with Department of Defense standards relating to deletion of information from computing and information technology resources).
    2. All University computing and information technology resources forwarded to the University Physical Plant Warehouse for salvage, sale or redistribution shall be accompanied by a written statement that all data, information and/or software has been permanently deleted.
    3. Data destruction will follow NIST 800-88 guidelines for media sanitization. The Chief Information Security Officer will be notified if NIST 800-88 guidelines cannot be utilized for media sanitization.
  5. Implementation

    1. This policy shall be included in the WSU Policies and Procedures Manual and shared with appropriate constituencies of the University.
    2. The Chief Information Officer shall have primary responsibility for publication, dissemination and implementation of this University policy.