Or the US Marine Corp. "When it absolutely, positively has to be destroyed overnight"
-----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Thorneycroft, Doug Sent: Friday, January 26, 2007 12:34 PM To: [email protected] Subject: Re: [ADSM-L] Disposition of Failed Storage Devices You might take a look at this site, their members specialize in totally destroying things like tapes and disk drives. (National Associating for information destruction) http://www.naidonline.org/ -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] Behalf Of Kauffman, Tom Sent: Friday, January 26, 2007 8:57 AM To: [email protected] Subject: Re: Disposition of Failed Storage Devices Given the security group's position, I think your options are sledghammer or iron smelter. And you'll really need to put everything you've got into the sledgehammer, if you go that route. A thermal lance or oxygen cutting torch might also fill the requirements. I doubt you'll get anything in writing from either IBM or EMC that will be satisfactory. You'll also need to get quotes from both on how much the maintenance fees will increase if the failed media device is rendered non-salvageable before return. Tom Kauffman NIBCO, Inc -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Lamb, Charles P. Sent: Friday, January 26, 2007 11:07 AM To: [email protected] Subject: Disposition of Failed Storage Devices Hi............ Our IT management is looking at implementing a process for disposition of failed storage devices. We have a hardware contract with both IBM and EMC. Our IT management is not sure that our data would be secured and deleted correctly. Here is an excerpt from our security group. >From my perspective, what we have from IBM/EMC so far isn't sufficient. My opinion is that in order for us to consider a vendor's approach suitable- there needs to be more focus on data breach law compliance support. For example, if we can confirm that their approach (or related optional enhancements) is audited, secured, traceable, employee/subcontractor vetting/background checking, and includes appropriate notification of potential data breach, etc and that their program is also periodically third party audited (& ideally court case tested).. we're in a much better position. If/when they notify us of loss, we also would need full cooperation in related investigation efforts and confirming ultimate disposition. Your company's process would be appreciated. Thoughts?? Tnx's a bunch for your input. CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system. We do not waive attorney-client or work product privilege by the transmission of this message. Please see the following link for the BlueCross BlueShield of Tennessee E-mail disclaimer: http://www.bcbst.com/email_disclaimer.shtm
