Summary of Changes
1.1 This joint procedure/SOP for Essex Police and Kent Police has been updated with the following amendments:
- Section 3.4.1 - CCTV cameras added to bullet point
- Section 4.0 - Updated EIA added
2.0 What this Procedure/SOP is About
2.1 This procedure/SOP provides details of the sanitisation, reuse, disposal and destruction of information storage media, both digital and physical/paper. This is to inform Information Asset Owners to produce the necessary local policy and guidance for their business area and to ensure that the applicable and relevant security controls are in place for the Department/Division, the wider Forces and legislative requirements.
Compliance with this procedure/SOP and any governing policy is mandatory.
3.0 Detail the Procedure/SOP
3.1 Introduction and Background
3.1.1 Sanitisation involves the secure erasure or destruction of information in such a way that, proportionate to its classification, it is extremely unlikely that the information could be recovered.
3.1.2 Data that has not been subjected to sanitisation procedures is often easily recovered with little or no specialist capability. Even repeated overwriting or reuse of the storage medium by conventional means could still leave valuable data exposed. Therefore, a secure method of erasure or destruction must be used in order to sanitise the media.
3.1.3 Any container of information, whether a file of papers or digital storage media, must be treated at the highest classification level of the information that it contains.
3.1.4 Computer equipment reuse, disposal, repair and exchange must only be carried out with the agreement of the IT Service Desk.
3.1.5 Where applicable, any third party contractor, supplier or service involving the processing of police information must consider the provision for the sanitisation or disposal of media, in accordance with this procedure/SOP.
3.1.6 Encryption is not a sanitisation method and Essex Police and Kent Police shall ensure that it is not relied on as a means of securing data when disposing of electronic media for re-use. When disposing of encrypted media an appropriate sanitisation method must be deployed.
3.2 Sanitisation, Disposal and Destruction Methodologies
3.2.1 The type of sanitisation, disposal and destruction methods deployed shall be based on:
- The impact to Essex Police and Kent Police if the Protective Marking of the data is breached;
- The type of electronic storage media;
- The location, use and type of paper documents;
- Whether the media is to be re-used and if so, where the electronic media will be re-used.
3.2.2 The sanitisation and destruction method used shall be in accordance with the latest NCSC guidance for Secure Sanitisation (which can be found via the NCSC website).
3.3 Paper Documents
3.3.1 Paper documents can be disposed of using the forces’ secure waste disposal process, by placing un-shredded material into the consoles provided.
3.3.2 Material is collected from the waste consoles and shredded on police premises under a secure process conforming with BS EN 15713 standards.
3.3.3 If you accidently deposit documents into a shredding console and require it to be retrieved you must log a request on Service Manager. If the request is authorised the Facilities Team Leader will arrange access to the console at which point you can retrieve the item. This process must be undertaken with a witness present and a brief statement sent across to Business Services for record keeping and audit purposes.
3.3.4 Some specialist units may also need to use a cross-cut shredder. Where this is approved, the shredded material will be placed into the specially provided sacks, for secure recycling under the above process.
3.3.5 Records Management will provide destruction services for documentation that has been retained in long term storage. This destruction will require liaison with the IAO and/or Business Owner in accordance with Retention Policies.
3.4 Digital Media
3.4.1 A wide range of electronic storage media may be used to store or process information including, but not necessarily limited, to:
- Desktop computers;
- Servers;
- Multifunction devices (e.g., printers);
- Photocopiers;
- Laptops, tablet computers and electronic notebooks;
- Data Servers;
- Mobile telephones;
- Digital recorders;
- Cameras;
- USB devices;
- DVDs, CDs and other portable devices and removable media.
- CCTV cameras
3.4.2 The sanitisation of computer storage media must be carried out by, or completed under the supervision of, the IT Service Desk.
3.4.3 Before the sanitisation process is carried out, it must be confirmed that any valuable data has been backed up or transferred, so that it can be kept in accordance with the forces’ data retention policies and procedures, where applicable.
3.4.4 The secure erasure of digital storage media usually requires that its data is overwritten using an approved data erasure tool that is suitable for the classification of the information (such tools are not usually suitable for hardware encrypted disks). This tool must also provide verification of successful erasure. A degausser may also be used to sanitise some magnetic storage media (this uses a strong magnetic field to remove data and often renders the device unusable afterwards).
3.4.5 The media must then be manually checked to confirm that the sanitisation process has been successful. In the case of large quantities of data, a suitable sample is sufficient. If there is any doubt that the sanitisation process has been anything other than completely successful, full destruction of the storage media will be required.
3.4.6 Flash memory (commonly found in USB sticks, solid-state hard drives and SD cards) can be difficult to remove completely. Destruction of the media and/or the device is often the only economical way to protect the information stored. This media should be returned to IT for secure sanitisation; unless the data or media is already protected by approved encryption, such as the standard police workstation USB stick encryption - this can be sanitised by the user and should be done at the earliest opportunity.
3.4.7 Physical destruction at its simplest level will prevent a device being used without performing some kind of repair. More extensive methods, such as disintegration, eliminate any possibility of re-use or data recovery. The Force ISO/Accreditor will work with IT Services to agree the most suitable methods of destruction in proportion to the information’s classification.
3.4.8 CDs, DVDs and flash drives can be placed in the multi-media secure confidential waste consoles. Re-writable CDs and DVDs can be sanitised using the standard CD/DVD erase function
3.4.9 ID cards must be cut into minimum of 6 pieces and placed into a secure shredding console. If a new ID card is issued as a replacement Business Services will deactivate the old ID card and update SAP Objects on Loan upon issue. If the ID card is being disposed of due to a leaver the deactivate is carried out as part of the HR leaver processing.
3.4.10 Storage media can be reused within the same security environment only (e.g. same information classification level, need-to-know principles, and security cleared users). If equipment is being reused within a different security environment, the storage media must be sanitised or replaced.
3.4.11 All movement and destruction of IT equipment must be recorded on the IT Asset Register via the IT Services Helpdesk.
3.4.12 Decommissioning of digital servers or data storage facilities must be detailed in a bespoke plan which must be agreed by the IAO and Business Lead. These plans must be reviewed by the Forces ISOs.
3.5 Leased Equipment or Third-Party Repairs
3.5.1 Leased or hired equipment should not be returned to the vendor unless all storage media has been sanitised or removed.
3.5.2 Equipment that is faulty or unserviceable must have the storage media sanitised or removed before it is released for exchange or repair by a third party. If there are other reasons why the media cannot be sanitised, it should be repaired on site under the supervision of suitably cleared force personnel. Where the repair or exchange cannot be carried out on site, the media should be taken to an approved repair organisation and the work overseen by suitably cleared force personnel. Any exchanged media must be brought back to the force for secure disposal.
3.6 Further Information
3.6.1 Any queries regarding the safe erasure or disposal of force information should be directed to the IT Service Desk, Business Services and/or the Force Information Security Officer.
3.7 Incident Reporting
3.7.1 Release or re-use of electronic media without appropriate sanitisation shall be considered to be an information security incident and shall be reported in accordance with the Information Security Incident Policy and Data Protection Policy.
4.0 Equality Impact Assessment
EIA – June 2024
4.1 This procedure/SOP has been assessed with regard to an Equality Impact Assessment. As a result of this assessment it has been graded as having a low potential impact as the proposals in this procedure/SOP would have no potential or actual differential impact on grounds age, sex, disability, race, religion or belief, marriage and civil partnership, sexual orientation, gender reassignment and pregnancy and maternity.
5.0 Risk Assessment
5.1 There is an overall risk concerning the use and management of Essex Police and Kent Police information. Advice and guidance relating to the assessment of risk is contained within the individual procedures/SOPs. The Corporate Risk Register will contain any risks in relation to Information Security.
6.0 Consultation
6.1 The following have been consulted during the formulation of this document:
Unison
Police Federation
Health & Safety
Strategic Change Team
PSD Superintendent
Policy
Risk
Superintendents Association
IT Department
7.0 Monitoring and Review
7.1 The Information Security Officer will be responsible for ensuring that this procedure/SOP will remain current in line with HMG and ACPO policy.
7.2 This procedure/SOP will be reviewed by or on behalf of the forces’ SIROs every two years.
8.0 Governing force policy.
Related force policies or related procedures (Essex) / linked standard operating procedures (Kent)
8.1 Joint Essex Police and Kent Police
W 1000 Policy – Information Management
8.2 Data Security
8.2.1 Essex Police and Kent Police have measures in place to protect the security of your data in accordance with our Information Management Policy – W 1000 Policy – Information Management.
8.3 Retention & Disposal of Records
8.3.1 Essex Police and Kent Police will hold data in accordance with our Records Review, Retention & Disposal Policy – W 1012 Procedure/SOP - Records Review, Retention and Disposal.
8.3.2 We will only hold data for as long as necessary for the purposes for which we collected.