The Purpose of this Standard Operating Procedure (SOP) is to outline procedures for the restoration of user data, identify and provide for the preservation of all critical infrastructure configurations, and to set forth guidance for the regular scheduling of backups for all relevant user files, databases, application settings, system configurations, virtual machines, hosted data, and any other critical data and configurations identified.
The scope of this SOP is to be Company-wide. All entities under the control of Micro Satellites will comply with this SOP and all allies, contractors, partners, etc. will include written language in any contracts, convenants, Statements of Understanding, and the like to be in compliance with these procedures.
-
CIO- To maintain the Sensitive Information Program in accordance with all company policies, accepted standards, and best practices
-
CISO- Communicate to the MSP all acceptable methods of disposal and processes of verification by the backup and restore program. Ensure the security of all PII and other sensitive information
-
MSP- Manage all backups in a manner provided for in writing (Preferably by an SLA)
-
Manager- Maintain the backup schedule as published
Use specialized software or tools designed to overwrite the storage media with random data patterns multiple times. This process ensures that the original data becomes unrecoverable. There are various data wiping algorithms, such as the DoD 5220.22-M standard, which specifies the number of passes required for effective erasure.
Physically destroying the storage media ensures that the data cannot be recovered. This can be done through methods like shredding hard drives, solid-state drives (SSDs), or other storage devices. Professional services or equipment specifically designed for media destruction can be utilized.
Degaussing is the process of using a powerful magnetic field to erase data from magnetic storage media such as hard drives or tapes. It disrupts the magnetic particles on the media, rendering the data unrecoverable. Specialized degaussing equipment is needed for this method.
For certain types of storage media, encryption can be employed as a means of secure data disposal. By securely deleting or destroying the encryption keys, the encrypted data becomes unreadable and effectively unusable.
Engaging professional data disposal or electronic waste (e-waste) management services can ensure secure disposal of storage media. These services specialize in secure data destruction and adhere to proper disposal practices.
It is important to consider any legal or regulatory requirements regarding data disposal, such as data protection laws like the General Data Protection Regulation (GDPR). Ensure that the chosen method aligns with the applicable regulations and requirements.
- Micro Satellite Non-Disclosure Agreement
- Micro Satellite Scope of Work: FinalFrontier2023
- NIST Framework SP 800-53
-
CIO (Chief Information Officer) - A senior leadership position in the company that is responsible for all information technology assets and strategies.
-
CISO (Chief Information Security Officer) - A senior leadership position in the company, subordinate to the Chief Information Officer that is responsible for the security of all information technology assets and data generated by the company
-
MSP (Managed Security Provider) - A third-party contractor usually brought on to address one or several security issues.
-
SLA (Service Level Agreement) - Contractual agreement between two businesses to specify the scope, duration, and manner of services rendered.
5/15/2023 - "SOP 02: Securely Disposing of Sensitive Data" by Benjamin Hobbs
5/18/2023 - "SOP 02: Securely Disposing of Sensitive Data" revised by Benjamin Hobbs