V. DATA LIFE CYCLE
All data within an organization have a finite life cycle. Retention of this data beyond their useful life exposes the organization to unnecessary risk of compromise or disclosure. It is therefore important that the organization have both a retention and destruction policy.
- Retention Policy:
The retention policy should be realistic and take into account the importance of the data or information to the organization in the future. Files should be marked at the time of their origin for automatic destruction. Files which are company private and do not have an automatic destruction date should be reviewed by the originator and by a company security office for review before release.
When a company's private files are reviewed and it is determined that they are no longer needed, The originator and all users should be notified that the status of the data or information is to be changed. A reasonable time might be specified before destroying the files.
- Destruction Policy:
Once it has been determined that the files have outlived their usefulness, they should be destroyed. The following is a sample procedure that one may use for this destruction.
- Removable media shall be overwritten (if appropriate) with a binary pattern. One method for overwriting is to overwrite all storage locations with either all 1’s or 0’s three consecutive times.
- Removable media may be erased by exposing the recording surface to a permanent magnet having a field strength at the recording surface greater than the magnetic intensity that recorded the material on the media. (e.g., A degausser)
- Non-removable media shall be checked immediately before beginning the overwrite procedure to ensure that malfunctions do not occur that will prevent the classified information from being effectively overwritten. The manufacturer’s specifications shall also be reviewed to determine whether the overwriting procedures are valid for the particular storage media. Some devices may have unique properties that would prevent the complete erasure of classified data without destroying the storage device. Once it is determined that overwriting is appropriate, all storage locations will be overwritten with a binary pattern as described above.
- Non removable media containing company private material that is mechanically or electronically defective and cannot be repaired in a secure facility should be destroyed in accordance with the regulations defined by the company policy.
- It should be noted that the act of formatting a disk does not remove the data and therefore does not meet the definition of declassification.
- Media shall be destroyed by burning, shredding or any other method that assures complete destruction.