Sanitization and Disposal of Information Resources Policy

Published: March, 2010
Revised: March, 2023

I. Introduction

A large volume of Data is stored on Systems (as each such term is defined in the OMG Information Security Charter (the “Charter”) https://www.omahamediagroup.com/isc throughout OMG. A substantial amount of this Data consists of Sensitive Data or Confidential Data (as each such term is defined in the Charter). Unauthorized disclosure of such Data may expose OMG to legal liability. Data sanitization is the deliberate and permanent removal of Data from an Information Resource. This Policy defines the appropriate sanitization and disposal methods to be used.

Capitalized terms used herein without definition are defined in the Charter.

II. Policy History

The effective date of this Policy is March 30, 2010.
Reviewed and/or revised March 14, 2023.

III. Policy Text

Each System Owner, Data Owner, IT Custodian and User is responsible for determining if Sensitive Data or Confidential Data is present on the Information Resource by, for example, periodically scanning the Information Resource using software provided by OMGIT and sanitizing all Information Resources with hard drives and Removable Media under his/her control prior to removal from OMG in accordance with the following guidelines:

A. Non-Sensitive and Non-Confidential Data.

Data other than Sensitive Data or Confidential Data may be deleted and/or re-formatted.

B. Sensitive Data and Confidential Data

Sensitive Data and Confidential Data.

Sensitive Data and Confidential Data must be sanitized or disposed of in a manner that leaves

the Data fully unrecoverable. Except as provided below, this can be accomplished by using

one of the following methods:

Data deletion software provided by OMGIT;
Information Security Office-approved destruction hardware to physically render the Data storage media inoperable, such as degaussing, shredding, pulverizing or melting;
Release of the Information Resource containing storage media to OMGIT for destruction and disposal; or
Release of the Information Resource containing storage media to an Information Security Office-approved vendor.

Sensitive Data constituting ePHI must be sanitized and disposed of.

All paper based Sensitive Data or Confidential Data must be destroyed using cross-shredding or

through a contract with an Information Security Office approved-vendor.

IV. Cross References to Related Policies

The Information Security Policies and certain additional documentation referred to in this Policy are listed in Appendix A hereto.

Appendix A

Related Policies

Policies: https://www.omahamediagroup.com/isc

Sanitization and Disposal of Information Resources Policy

I. Introduction

II. Policy History

III. Policy Text

A. Non-Sensitive and Non-Confidential Data.

B. Sensitive Data and Confidential Data

IV. Cross References to Related Policies

Contact Us

OMG Evolves into Monstrous Media Group: The New Era

Google’s Broad Core Update August 2023

VMWare Server Environment: Performance Issue - Resolved

Independence Day Operational Hours - July 4, 2023

Cloud VPS Server Maintenance - June 20, 2023

Software Maintenance Window - May 21, 2023

Latest Trends in Digital Marketing for 2024

Boost Your Email Marketing: A Kid-Friendly Guide

Discover the Best Tips for Making Awesome Mobile Apps in 2024

How to Design a Website That Ranks Well on Google

Understanding PPC: How to Get Started with Pay Per Click Campaigns

Key Digital Marketing Trends to Watch in 2024

Social Media

Newsletter

Monster Gallery