-->
Skip to main content

Protecting data loss from all products

It's not just hard drives that store data. Cascade's data destruction processes clear and destroy data on a wide variety of media that store information.


It's amazing where information is now stored. It's not just on paper and in hard drives, but nearly any device that transmits, prints, logs, or stores information will potentially retain that information. Cascade recognizes that data may be stored on a wide variety of devices and has always worked to address existing and emerging threats to data security during IT asset disposition.

 

CBS News exposes data threats from photocopiers
On April 9, 2010, CBS News ran a national story about information retained on copiers that were supposedly being recycled. This helped alert the public about this potential security threat. See the story from CBS News. But there's a data security risk from nearly every electronic device companies dispose.

 

Cascade is constantly researching methods for proper data destruction techniques consistent with the NIST 800-88 Guidelines for Media Sanitization, Revision 1 (December, 2014). These guidelines include physical and electronic data destruction on a wide array of products. These guidelines replace the legacy Department of Defense 5220.22-M standard. Cascade's NAID certified media destruction processes give you further assurtance we destroy data on your equipment.

 

Cascade provides customers and other interested parties with a Self Audit Packet which details our comprehensive data security program. Contact us if you are interested in a copy. Below is a sample of the types of products we encounter and how we ensure the data are destroyed from these assets.

 

How Cascade destroys information from electronic devices:

For all servers, workstations and laptops
  • Asset tags, labels or other markings not affixed by the manufacturer will be removed. If they cannot be removed the unit will be recycled.
    • Internal parts are checked for customer specific markings.
  • ROM images, logos and slogans will be destroyed/overwritten using a BIOS FLASHING utility.

Servers

  • Any Server or Workstation that uses SCSI will be wiped in such a way as to wipe each drive independently.
    • This is critical because RAID arrays are designed to be fault tolerant (survive the loss of one or more drives) and this can be used to reconstruct data in whole or in part even when disks have been wiped.
    • The RAID array will be configured with each disk being a separate logical drive (without parity without striping).
  • Cards, bays, and slots are checked for media.

Laptops

  • All bays, internal and external, will be checked.
  • All components will be checked to ensure that they do not contain a hard drive or are capable of storing any data.
    • Some hard drives look and feel like battery components.
    • Flash media cards may be left in slots, readers, ports or bays.

Workstations

  • Check internally for drives that are not connected physically to system.
    • These drives would not be wiped by any software unless they are connected or removed.
  • Check all drives, bays, slots, cards and readers for media.
    • Media are physically destroyed.

PDA/Palm/Pocket PC/Handheld

  • Inspect to ensure that all media is removed from readers, bays and slots.
    • Media are physically destroyed.
  • Discharging battery may not be an effective way of ensuring that data is completely overwritten.
  • Consult manufacturer’s documentation for specific device and use whatever method they recommended for overwrite/wipe.
    • Method must be documented by manufacturer.
    • Must be explicit and declare that user data is completely destroyed.
    • Documentation must apply to that device.
    • If documentation does not exist or can be found, the device must be physically destroyed.

Cameras/audio recorders

  • Inspect to ensure that all media is removed from readers, bays, and slots.
    • Media are physically destroyed.
  • Consult manufacturer’s documentation for specific device and use whatever method they recommended for overwrite/wipe.
    • Method must be documented by manufacturer.
    • Must be explicit and declare that user data is completely destroyed.
    • Documentation must apply to that device.
  • If no documentation exists or can be found device must be physically destroyed.

Network Appliances

  • Inspect to ensure that all media is removed from readers, bays, cards and slots.
    • Media are physically destroyed.
  • Consult manufacturer’s documentation for specific device and use whatever method they recommended for overwrite/wipe.
    • Method must be documented by manufacturer.
    • Must be explicit and declare that user data is completely destroyed.
    • Documentation must apply to that device.
    • If documentation does not exist or can not be found, the device must be physically destroyed.

Print Servers (Internal)

  • Connected to PC and reset to factory settings via browser based configuration utility.
  • Print configuration page to verify.
  • Physically destroy if reset/clear/wipe does not work.

Print Servers (External)

  • Hold down TEST button for more than 5 seconds
  • Print configuration page to verify.
    • Physically destroy if reset/clear/wipe does not work.

 

Procedures to Eliminate other Data Loss Threats
Although less obvious and less potentially damaging, our experience has taught us that threats are not limited to what people may be most familiar with. Cascade has adopted a comprehensive information destruction policy to eliminate the potential for personally identifiable information from being retrieved from any device handled by Cascade.  Below is a list of our information destruction processes for a wide array of equipment handled by Cascade.

 

Security System Components (except cameras)

  • Always physically destroyed through demanufacturing and/or shredding.

Printers, Copiers, Multi-function Devices (or paper handling appliances)

  • Remove paper/media with company logo/letterhead from trays, holders, and internal paper path.  Paper documents are recycled (if not personally identifiable) or shredded on-site using a NAID certified document destruction system.
  • Remove hard drives and storage media from device – punch and/or shred on site.

Laser Printers

  • 5 test pages are printed from each printer sold.
    • Completely overwrites the Photo static Drum Assembly which may retain image of last printed document.
  • Remove any hard drive used for spooling of print jobs to punch and/or shred on site.

Scanners

  • Check for and remove paper with logo/letter head.  Paper documents are recycled (if not personally identifiable) or shredded on-site using a NAID certified document destruction system.

Terminals

  • Consult manufacturer’s documentation for specific device and use whatever method they recommended for overwrite/wipe of stored data.
    • Method must be documented by manufacturer.
    • Must be explicit and declare that user data is completely destroyed.
    • Documentation must apply to that device.
  • Inspect unit for any data storage devices
    • Some terminals have hard drives.
    • Physically destroy.
  • Any terminals with screen burn are destroyed through demanufacturing and recycling.

Phones (analog, ISDN, IP)

  • Remove markings.
  • Memory cleared.
  • Consult manufacturer’s documentation for specific device and use whatever method they recommended for overwrite/wipe of stored data.
    • Method must be documented by manufacturer.
    • Must be explicit and declare that user data is completely destroyed.
    • If documentation does not exist or can not be found, the device must be physically destroyed.

Fax Machines

  • Remove transfer film which could contain image of last transmission.
  • Paper documents are recycled (if not personally identifiable) or shredded on-site using a NAID certified document destruction system.
  • Consult manufacturer’s documentation for specific device and use whatever method they recommended for overwrite/wipe of stored data.
    • Method must be documented by manufacturer.
    • Must be explicit and declare that user data is completely destroyed.
    • If documentation does not exist or can not be found, the device must be physically destroyed.

Cell Phones

  • Consolidated in secure area
  • Transferred to a reputable vendor who has been audited for responsible security and environmental practices.

Memory devices (Non Volatile)

  • Physically destroyed.

Display devices (LCD Panels, monitors, televisions)

  • Devices that have an image “burned in” will be demanufactured and recycled.
  • Transferred to a reputable vendor who has been audited for responsible security and environmental practices.

Media (Optical Disks, Floppy Disks, Zip Disks, Backup Tape)

  • Quarantined, secured and physically destroyed.

Paper

  • Physically secured (locking container).
  • Transferred to a NAID Certified vendor who has been audited for responsible security and environmental practices.

Cardboard/Packaging

    • When cardboard is reused it is only done so when labeling/stickers/information is removed or defaced.