Data Disposal Policy & Procedures
Wojo Data Disposal Policy and Procedures
1. Purpose
This policy outlines Wojo’s approach to the secure disposal of data and media to ensure that sensitive information is irrecoverable and to prevent unauthorized access to confidential information.
2. Scope
This policy applies to all employees, contractors, and third-party service providers who handle Wojo’s data and information systems. It covers all forms of data and media, including electronic and physical records.
3. Definitions
- Data Disposal: The process of permanently and securely deleting data from all media to ensure it cannot be recovered or reconstructed.
- Sensitive Information: Information that is protected against unwarranted disclosure, including personal, financial, and proprietary data.
4. Data Disposal Principles
Wojo commits to the following principles for data disposal:
- Confidentiality: Ensuring sensitive data is not disclosed to unauthorized parties during the disposal process.
- Compliance: Adhering to legal, regulatory, and organizational requirements for data retention and disposal.
- Security: Implementing secure disposal methods to prevent data recovery.
5. Procedures for Data Disposal
5.1 Electronic Data
- Data Wiping:
- Use certified data wiping software to overwrite data on storage devices, ensuring it cannot be recovered.
- Verify the effectiveness of the data wiping process.
- Degaussing:
- Apply strong magnetic fields to disrupt the magnetic domains on storage devices, rendering data unreadable.
- Use degaussers certified by recognized authorities.
- Physical Destruction:
- Physically destroy storage media (e.g., hard drives, CDs, DVDs, USB drives) through shredding, crushing, or incineration.
- Ensure the destruction process is carried out by trained personnel or certified disposal vendors.
5.2 Physical Records
- Shredding:
- Shred paper documents using cross-cut shredders that produce confetti-like particles.
- Ensure shredded materials are disposed of securely.
- Pulping:
- Convert paper documents into a pulp, ensuring that data is irrecoverable.
- Use authorized disposal services for large volumes of documents.
5.3 Disposal of Redundant IT Equipment
- Inventory Management:
- Maintain an inventory of all IT equipment slated for disposal.
- Ensure all data has been securely wiped or the equipment has been physically destroyed before disposal.
- Vendor Disposal:
- Engage certified e-waste disposal vendors to handle the disposal of redundant IT equipment.
- Obtain certificates of destruction from the disposal vendor.
6. Roles and Responsibilities
- IT Department:
- Oversee the implementation of data disposal procedures.
- Ensure all data disposal activities are documented and compliant with policy.
- Employees and Contractors:
- Adhere to data disposal procedures.
- Report any issues or breaches in the disposal process to the IT department.
- Third-Party Service Providers:
- Comply with Wojo’s data disposal policy and provide evidence of secure disposal.
7. Record Keeping
Maintain records of all data disposal activities, including:
- Date of disposal.
- Type of data/media disposed of.
- Method of disposal.
- Personnel involved.
- Certificates of destruction (if applicable).
8. Training and Awareness
Conduct regular training sessions to ensure all employees, contractors, and third-party service providers are aware of and understand the data disposal policy and procedures.
9. Policy Review
This policy will be reviewed annually or after significant changes in legal or regulatory requirements to ensure its effectiveness and compliance.
10. Contact Information
For any queries or guidance regarding data disposal, contact the Wojo IT Security Team at security@wojohq.com.