My question on this topic is the following... If you are replacing your shark with a new one, once the data is migrated, would it not be possible to go to the ESS console and delete all your disk, and reformat them for opens stems, and create 100's of 1.2m disks, leaving the ESS format software to effectively kill all usable data... You can then walk away while this processes all by it's own, no baby-sitting needed, and if your neurosis have not died down after that, reverse the process... Surely this happens at HW level and should be more successful that other software driven efforts?
Herbie -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Mednick Sent: 12 Januarie 2008 10:07 nm To: [email protected] Subject: Re: Data Erasure Products > > Outside of FDRERASE and good old ICKDSF are there any > products in the market that can erase data from mainframe DASD? > > I didn't see anything in the CBT archive for DASD, just some > tape erasure programs. > * * > > -- > Mark Jacobs > Time Customer Service > Tampa, FL > ---- > There are any number of solutions both hardware & software that lay claim to being DOD compliant for the purposes of erasing data from mainframe DASD but very few that can make the claim that they have been independently certified by a government sponsored agency as meeting the compliance requirements. Before selecting any of the solutions put forward, one needs to check with their IT Security Advisor and/or Auditors to see what their expections are, that is, whether a compliant solution is good enough or whether it has to be certifed as a compliant solution. A list of certified compliant solutions can be found at the following site listed under the heading "Technology Type" as "Sensitive Data Protection": http://niap-ccevs.org/cc-scheme/vpl/ Furthermore, the question needs to be asked whether or not the requirement is for "clearing"/"overwriting" the disk or the more stringent requirement of "purging"/sanitizing" the disk. These definitions are described the documents: NCSC-TG-025 A Guide to Understanding Data Remanence in Automated Information Systems DoD 5220.22-M National Industrial Security Program Operation Manual "clearing"/"overwriting" requirements are usually ok for the OP's requirement when leaving a DR site but the "purging"/"sanitizing" requirement may be a mandatory requirement when decommission obsolete storage subsystems. There are a number of Government & Industrial guidelines that dictate what are the requirements. These include HIPPA, Sarbane-Oxley, Gramm-Leach-Billey as well as the PCIDSS requirement for organisations who are involved with the issue and processing of credit card payment etc. At the end of the day, the decision as to what product to use may not be that of the humble storage management technician but a decision that is dictated by the requirements of the corporate IT Security Advisor and/or Auditor. It may well be worth your job tenure to go and check! Stephen Mednick Computer Supervisory Services Sydney, Australia ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html Elavon Financial Services Limited Registered in Ireland: Number 418442 Registered Office: Block E, 1st Floor, Cherrywood Business Park, Loughlinstown, Co. Dublin, Ireland Directors: Robert Abele (USA), John Collins, Terrance Dolan (USA), Pamela Joseph (USA), Declan Lynch, John McNally, Malcolm Towlson Elavon Financial Services Limited, trading as Elavon, is regulated by the Financial Regulator ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
