Media Sanitization Policy:   IP



It is the policy of South Plains College (SPC) that all data must be removed from devices and equipment that are capable of data storage, transmission or receipt prior to equipment disposal.


Technical support staff will properly sanitize information technology resources prior to transfer, sale or disposal. It is imperative that all devices capable of storing SPC information be sanitized in a way that will make data recovery impossible.


This document establishes specific requirements for Information Technology media sanitization at South Plains College. (See Texas Administrative Code, Title 1, Part 10, Chapter 202, Subchapter C (TAC§202))



The SPC Media Sanitization Policy applies to any data owner, data custodian, system administrator and SPC-IS staff that installs, operates or maintains SPC information technology resources.



Prior to the sale, transfer or disposal of information technology resources, the technical support staff will take the appropriate steps, per the SPC-IS Property Office Media Sanitization Procedures, to ensure all data is removed from any associated storage device.


  1. 1. Information technology resources shall be sanitized utilizing a method that will ensure data recovery is impossible, such as degaussing, shredding, or destroying the media utilizing a destruction method that will be able to withstand a laboratory attack (e.g., disintegration, pulverization, melting or incineration).


  1. 2. If the device is a cell phone or other portable computing devices remove subscriber identity module (SIM) and additional memory cards and destroy per sanitization requirements. Sanitize the unit utilizing a method that will ensure data recovery is impossible.


  1. 3. Document the removal and completion of the process with the following information:

a. Date;

b. Description of the item(s) and serial number(s);

c. Inventory number(s);

d. The process and sanitization tools used to remove the data, or process and method used to for destruction of the media; and

e. The name and address of the organization to which the equipment was transferred, if applicable.


Related Policies, References and Attachments:

An index of approved SPC-IS policies can be found on the SPC Policies website at  The SPC Information Security Program and SPC Information Security User Guide are also available on the Information Technology Services Policies website.


Approved by: Executive Council, 8/6/2018