Archived publication

This publication is no longer current or has been superseded.

7 Security cleansing

Practices for security-wiping computer hard drives and portable communications equipment – mobile phones and personal data assistants (PDAs) – varied widely among the Govt3 agencies. All accepted the need to delete data from hard drives and mobile phone memories before disposing of equipment, but most relied on others to do this. Many referred to the US Department of Defense standard (see note 3) for security wiping hard drives, but most had no formal procedures to ensure this was implemented. Other security-cleansing software used included Norton’s Diskwipe, Darik’s Boot and Nuke (DBAN), Scan Wipe, BC Wipe and Killdisk.

The Government Communications Security Bureau recommends a product called Blancco (see note 4). However, most agencies rely on the company responsible for disposing of the hardware to ensure that all data are appropriately removed. There are exceptions. Agencies with classified information ensure hard drives are security wiped before leaving their premises and then physically destroyed with acid baths or by drilling holes through the drives.

At the time of the survey, little consideration was given to security cleansing of mobile phones, and as hand-held PDAs are a new technology, no agency has yet had to face the issue of their disposal. Agencies with GSM mobile phones typically removed the SIM cards, where any sensitive information such as phone directories is stored. Some agencies were physically destroying mobile phones as a security measure and landfilling the waste. However, physical destruction is not necessary; it precludes any possible further use and has a negative environmental impact when landfilled. It is expected that agencies will expand their security cleansing practices to mobile phones and hand-held devices and adopt more environmentally friendly disposal methods.


3 US Department of Defense Standard 5220.22-M specifies a minimum overwrite of three times, but depending on the level of sensitivity of the information up to seven times is recommended.

4 Blancco, http://www.blancco.com, distributed in New Zealand by ComSec New Zealand, http://www.comsecent.co.nz.

