CTPAT Breakdown: 4.13

Item 4.13

All media, hardware, or other IT equipment that contains sensitive information regarding the import/export process must be accounted for through regular inventories. When disposed, they must be properly sanitized and/or destroyed in accordance with the National Institute of Standards and Technology (NIST) Guidelines for Media Sanitization or other appropriate industry guidelines.

Implementation Guidelines

Some types of computer media are hard drives, removable drives, CDROM or CD-R discs, DVDs, or USB drives. The National Institute of Standards and Technology (NIST) has developed the government’s data media destruction standards. Members may want to consult NIST standards for sanitization and destruction of IT equipment and media.

Media Sanitization: https://www.nist.gov/publications/nist-special-publication-800-88-revision-1-guidelines-media-sanitization

So IT staff need to maintain an inventory of all computer equipment and removable media.

Implementation

There are many systems available for inventorying computer devices.

Tracking removable media is another story, though. If data loss prevention (DLP) is used, that system requires registration of all removable media, and a listing can be generated. Without DLP, all removable media is manually tracked.

There may be some method for tracking removable media when it is used in a desktop, possibly via an event log.
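One way to turn such an event log into an inventory check, as an added example that is not part of the original post: it assumes device-connection records (for instance Windows Security event 6416, logged when PnP auditing is enabled) have been exported to CSV, and reconciles the USB storage serial numbers against a list of registered media. The column names, inventory and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Constructed inventory of registered removable media: serial -> asset tag.
INVENTORY = {"4C530001230101117392": "USB-0001", "070B2A9C55E1D437": "USB-0002"}

# Constructed event export; the column names are assumptions.
SAMPLE_EVENTS = r"""TimeCreated,Computer,DeviceId
2024-03-04T08:15:02,WS-101,USBSTOR\Disk&Ven_SanDisk&Prod_Ultra&Rev_1.00\4C530001230101117392&0
2024-03-04T09:40:11,WS-102,USB\VID_046D&PID_C31C\5&1a2b3c4d&0&2
2024-03-05T13:02:45,WS-117,USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\E0D55EA574A1F3A0&0
2024-03-06T10:21:30,WS-101,USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2f4a1b3c&0
2024-03-07T16:55:09,WS-130,USBSTOR\Disk&Ven_SanDisk&Prod_Ultra&Rev_1.00\4C530001230101117392&0
"""

USBSTOR_RE = re.compile(r"^USBSTOR\\[^\\]+\\(?P<instance>[^\\]+)$", re.IGNORECASE)

def parse_serial(device_id):
    """Return (serial, is_hardware_serial) for a USBSTOR device ID, else None."""
    m = USBSTOR_RE.match(device_id.strip())
    if not m:
        return None  # not mass storage (keyboard, hub, ...)
    instance = m.group("instance")
    # Windows generates the instance ID when a device reports no serial;
    # generated IDs have '&' as their second character and are not portable.
    if len(instance) > 1 and instance[1] == "&":
        return instance.upper(), False
    return instance.rsplit("&", 1)[0].upper(), True  # drop trailing "&0" suffix

def reconcile(events_csv, inventory):
    """Group sightings into registered, unregistered and serial-less media."""
    known = {serial.upper(): tag for serial, tag in inventory.items()}
    report = {"registered": {}, "unregistered": {}, "no_serial": []}
    for row in csv.DictReader(io.StringIO(events_csv)):
        parsed = parse_serial(row["DeviceId"])
        if parsed is None:
            continue
        serial, is_hw = parsed
        sighting = (row["TimeCreated"], row["Computer"])
        if not is_hw:
            report["no_serial"].append(sighting + (serial,))
        elif serial in known:
            report["registered"].setdefault(known[serial], []).append(sighting)
        else:
            report["unregistered"].setdefault(serial, []).append(sighting)
    # Inventoried media that never appeared in the log: confirm it still exists.
    report["never_seen"] = sorted(set(known.values()) - set(report["registered"]))
    return report
```

Media listed under `no_serial` cannot be matched across machines from the log alone, so it still needs a manual label and inventory entry.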

For disposal of optical discs I’d just shred them.

For disposal of magnetic media such as hard drives, I’d remove and destroy the platters, then recycle the rest as scrap.

Flash media should be dismantled with the storage chips being destroyed and other parts recycled where possible.
