We've have various off the cuff discussions about what should be done with decommissioned machines and hard disks, but I couldn't find it written down anywhere, so I'll write down what I think we've agreed here. Neil.

IT Disposal

The official channel for disposal of IT equipment is via CCL (North), the University's approved recycler/disposaler(!). See the UCS notes/guidelines. The service agreement with CCL says they must destroy all hard disks.

IMPORTANT - remember to record disposal in the inventory.

Desktops/Commodity machines

Given the CCL statement, then it was agreed that for commodity machines, ie desktops, we should be happy that CCL will take care of the necessary data distruction.

Servers and data sensitive machines

Though we should be happy with CCL to destroy any data received by them, we have decided that for servers or other machines with potentially sensitive/private/commercial data on them, then we should first wipe the disks [see later] our selves, and then remove them from the machines. These disks should then be given to CCL for specific destruction.

Wiping disks

It was agreed, that for all practical purposes, just writing zeros to a disk is sufficient to destroy the data. Optionally random data would be better, but takes longer. Some disks also support a special "wipe disk" ATA command (more details?).

The MDP pie environment contains a decommission menu option to wipe a disk, that could be used.

For DICE machines, then starting an install from PXE boot or CDROM and choosing to go into the shell before the install starts, you could then do:

  dd if=/dev/zero of=/dev/hda bs=64k
for each of hard disks you want to zap.

That's it

Well that's all I can recall. Please correct, update if I've missed something, got it wrong.

