This downloaded copy is unofficial. Check www.mun.ca/policy for the official version.
Memorial University of Newfoundland
Approval Date: 2005-12-08
Effective Date: 2018-03-06
Review Date: 2021-05-01
The Vice-President (Administration and Finance) through the Director of Information Technology Services
To minimize potential data exposure and security risk by providing guidelines for the disposal of Electronic Devices and media, once they are deemed Surplus Assets. Sale, re-allocation within the University, or transfer to a pubic body of these Surplus Assets can involve risks related to unauthorized release of confidential information, unauthorized disclosure of trade secrets, copyrights, or other intellectual property, unauthorized access to personal information protected under privacy legislation that might be stored on the hard disks and other storage media, or potential violation of software license agreements.
All University-owned Electronic Devices and media used by faculty, staff, students and others affiliated with Memorial University of Newfoundland.
Asset Administrator — This role is normally carried out by the employee in the Unit who has responsibility for financial matters. This role is responsible for ensuring measures are in place within the Unit for safeguarding Tangible Assets, for reviewing, maintaining and updating the Unit's Tangible Capital Asset property report and corresponding with FAS to ensure necessary updates are made to Tangible Capital Asset records. This is a functional description, not a position title.
Electronic Device — Any device that is powered and is used to access, process or store University data including any information technology storage media run by, or attaching to, a device. This may include but is not limited to computers, multifunction printers with storage, hard disks, memory keys, SD cards, smartphones, DVD/CDs, peripherals and software.
Smartphone — Mobile phone that performs many of the functions of a computer, typically having a touchscreen interface, Internet access, and an operating system capable of running downloaded applications must employ approved security configurations and/or software. As per the Electronic Data Security policy, encryption, versus PIN or password protection, is required in any instance where the latter does not lead to factory reset of the device after a finite number of failed password attempts.
Surplus Asset — A Tangible Asset that has reached its optimal benefit for reasons such as wear, obsolescence, or changes in technology, teaching methods or Unit requirements.
Tangible Asset — Anything owned by the University that has a monetary value and includes Items such as buildings, property, furniture, equipment, computers, electronic devices, machinery, instruments.
Tangible Capital Asset — Those Tangible Assets which are of a continuing or long-term use in the conduct of the University's operations and which must be recorded in the University's financial records as capital to meet financial reporting requirements and for insurance purposes. See Schedule of Tangible Capital Asset Determinations.
All university employees are responsible for the use and care of the Electronic Devices and media assigned for their use. When these are no longer of use to the assigned employee, they may be deemed Surplus Assets in accordance with the Tangible Asset Administration policy. Employees must take all reasonable steps to limit Memorial University's liability and risk with regards to the protection of the data and software on Electronic Devices and media.
In accordance with the related procedures and regardless of the surplus option chosen, Electronic Devices must have the data and any licensed software removed or the device destroyed.
Unit Heads are responsible to ensure compliance with this policy and its related procedures. The Asset Administrator is responsible for executing the related procedures. The IT-Classified staff is responsible for destruction of the data, following technical guidelines outlined in the related procedures. An IT-classified employee is one so-designated by the Department of Human Resources.
Any deviation from this policy must have the prior approval of the Vice-President (Administration and Finance).
Enterprise Risk Management policy
Information Management policy
Tangible Asset Administration policy
Information Technology Services, (709) 864-8116
Sponsor: Vice-President (Administration & Finance)
There is at least one previous version of this policy. Contact the Policy Office to view earlier version(s)
|Approval Date||2005-12-08||Effective Date||2017-06-01|
|Approval Date||2005-12-08||Effective Date||2013-11-05|
|Approval Date||2005-12-08||Effective Date||2005-12-08|
Procedure for Data Removal - Computer Systems
Approval Date: 2015-03-27
Responsible Unit: Information Technology Services
Once computer equipment containing data has been deemed to be surplus, the following should occur to erase the data:
Replaced computer systems are often recycled within a University unit. This is a consideration noted on the IT Information for Surplus Property Form supplied by MUN IT-classified employees when de-commissioning a computer system. Other than intra or inter-unit equipment transfers, there are three standard options for handling old or obsolete computer systems, and these are covered on the IT Information for Surplus Property Form. They are, depending on the classification of the computer, to:
(1) declare the equipment as surplus,
(2) donate the equipment to the Computers for Schools (CFS) Program or
(3) provide the equipment to the Computer Purchasing Centre (CPC) under its Re-distribution Program for a credit
These options are outlined in more detail on the IT Information for Surplus Property Form. This form may be provided by IT-classified staff, as part of the computer system replacement process. If provided, this completed form is to be passed, for informational purposes, to staff in your unit who are responsible for asset tracking and financial transfers.
Qualifying Computers for Schools (CFS) Program donations require completion of the corresponding section on the Surplus Property form. CFS systems are signed for by CFS staff on the Surplus Property form. The program ensures appropriate data removal processes before re-deployment.
Qualifying Computer Purchasing Centre (CPC) Re-distribution Program systems are removed from Fixed Assets through the return process. The CPC ensures appropriate data removal processes before re-deployment and issues credit to the supplied FOAPAL for qualifying systems.
Once a unit has identified computer property to be disposed of, or transferred, approval from the appropriate Unit Head or his or her designate is required prior to requesting data removal by IT-classified staff. Erasure of any records from computer components and media must be completed in consultation with the respective Institutional Technology Services units. For the Marine Institute – Information and Communications Technologies (ICT), Grenfell campus – Computing and Communications (C&C), Harlow campus – Systems, St. John’s campus – Information Technology Services (ITS). Verification of the removal of data for computer systems must be provided by the Administrative Signing Authority on the Surplus Property form, prior to designated IT-classified staff permanently removing data from storage devices. Data on computers designated for transfer, surplus or disposal must be erased or otherwise destroyed after data necessary to be retained is backed up or transferred to an alternate storage device. Staff with administrative signing authority will ensure that necessary data retention has been accomplished and will verify this by signing the Surplus Property form prior to making requests for data removal.
Computer systems and storage devices known to contain confidential information are to indicate so on the Surplus Property form. Those responsible for Administrative approval are to check confidentiality status as part of their review of the form. A more thorough data removal procedure will be employed for systems known to contain confidential information, otherwise, a basic data removal procedure will be employed. Computers containing confidential information are to be stored in a secure location while awaiting data removal procedures.
Instructions for IT-classified staff for data removal are available at http://www.mun.ca/cc/services/servicecatalogue/DataRemoval.php
Procedure for Data Removal - General
Approval Date: 2005-12-08
Responsible Unit: Information Technology Services
The steps to follow for the transfer of, removal of, disposal of, or surplus declaration of any data storage device or media include but are not limited to:
1. Computer property for transfer or surplus, with the exception of the Computer Purchasing Centre's Re-Distribution Program, require completion of the Surplus Property form. All computers for transfer or surplus require the signature of a Memorial IT-classified employee on the Surplus Property form, to ensure data removal.
2. Computer data-storage components, media or devices which are to be transferred or sold to a new internal user, or are determined to be obsolete, damaged, nonfunctional or otherwise unneeded, are to be handled in one of the following ways by administrative staff, repair/upgrade technicians, IT-classified staff or owners:
a. Data is to be erased by overwriting, so as not to be recoverable from the storage device or media.
b. Services contracted by Facilities Management for file and record disposal can be used to dispose of these devices/media. Items are to be stored in a safe place to provide protection against misuse, misplacement, damage, destruction, or theft, until picked up by the contracted company.
c. In some circumstances, destruction of the computer software and/or media may be the most cost effective strategy for eliminating any risk or liability to Memorial University of Newfoundland.
Persons, with any doubt as to how to adequately select the appropriate option, are to refer to IT-classified staff to ensure there is no risk or liability to Memorial University of Newfoundland.
Procedure for Declaring Restricted Articles as Surplus
Approval Date: 2017-05-11
Responsible Unit: Office of the Chief Risk Officer
Any Surplus Assets considered hazardous materials, i.e., chemicals, biological, lasers, radioisotopes, radiation generating devices, asbestos, or that may be contaminated with hazardous materials are classified as restricted articles for surplus.
This procedure applies to all hazardous materials items, equipment that has contained hazardous materials, or items that are known to or may be contaminated with hazardous materials. Appropriate decontamination and decommissioning is performed by the responsible Unit with oversight and assistance provided by Environmental Health and Safety, where required. See also Memorial University’s Health and Safety Management System, available here: http://www.mun.ca/health_safety/OHSMS/.
For surplus and disposal of weapons see the University’s Weapons policy. For disposal of controlled goods see the University’s Controlled Goods policy.
1. Instruments which can produce X-rays or other ionizing radiation, or which contain nuclear sources, have restrictions on their disposal and may only be sold, traded, transferred, given away, scrapped, or otherwise disposed of with the written approval of the Radiation/Biosafety Control Officer, who is responsible for ensuring that applicable government and University regulations are followed. X-ray tubes or nuclear sources must be removed from the instruments prior to disposal and handled according to applicable provincial and federal regulations.
2. Items which contain hazardous or restricted articles (e.g., transformers containing oil might be contaminated with PCB’s) may only be sold, traded, transferred, given away, scrapped, or otherwise disposed of with the written approval of the University Safety Manager, who is responsible for ensuring that applicable government and university regulations are followed.
3. In compliance with the Ozone Depleting Substance Regulations applying to refrigeration, air conditioning, and fire extinguishing products, halon gas and fluorocarbon refrigerants must be removed from the equipment before disposal or otherwise sent to an outside contractor licensed to perform this service.
4. To ensure that confidential and other information stored in electronic format is protected, all devices storing electronic data or licensed software, regardless of age or condition, cost of the device or licensed software, or type of lease, must comply with the Data Removal policy and its related procedures.
Procedure for Shredding and Disposal of Confidential Materials - St. John's Campus
Approval Date: 2016-05-26
Responsible Unit: Department of Facilities Management
The University, through the Department of Facilities Management, contracts a service provider for the shredding and disposal of confidential materials, on site and off site, for the St. John's Campus. Materials include: records, video, diskettes, compact discs, hard drives
Units with their own shredding equipment, capable of achieving a maximum cut size of 15-16 mm. in width, should use that equipment for small amounts of shredding. The central service should be used for larger quantities or for multimedia that cannot be shred with the unit's equipment.
The preferred method for the central service of shredding and disposal is off site.
The on-site method should only be requested if you wish to observe the shredding process; otherwise, the off-site method should be used. The cost per box may differ for on-site and off-site shredding. Units must contact the Procurement Officer before requesting any on-site shredding as the operation and/or noise levels of the shredding equipment may affect personnel working in various locations.
Units requesting shredding must: