IT Security

​​​​​​​Welcome to the security page

 

HEIs, by their very nature, need to remain current in technology. This, in turn, creates a rate of obsolescence in IT equipment. The disposal of obsolete or failed IT equipment needs to be properly controlled and in line with Cardiff Met's Disposal Procedure, Sustainability Policy and Electronic Communications Policy.

Links for Cardiff Met Staff (only)
 
Electronic Communications Policy

The disposal of electronic equipment frequently entails the disposal of electronic media that may contain data that is potentially confidential or of commercial value.

This document outlines guidance and procedures associated with disposal of IT equipment and the data held upon it, within Cardiff Met.

 

Recent global initiatives have highlighted the need for stricter control on the disposal of certain materials.

​In the UK there is a range of waste-management laws which might affect businesses disposing of old equipment.​ Among them are:

  • The duty of care (responsibility) for waste, which applies to all businesses.
  • The requirements of the Waste Electrical and Electronic Equipment (WEEE) Directive came into force in January 2007. It aims to reduce waste arising from electrical and electronic equipment and its environmental impact.

There are 3 main issues that give rise to the need for managing the disposal of IT equipment:

  • Data Protection – Certain IT equipment will contain data that is confidential and it is important to ensure that such data is properly destroyed prior to disposal. However, it can be difficult to ensure total and irrevocable destruction of data with certain equipment.
  • Disposal of Assets – Control is necessary to maintain asset registers, financial accounting and security.
  • Protection of the Environment – Some IT equipment is made of material that can be recycled. In addition, certain items may contain chemicals that are hazardous to the environment.

Only when no other use can be found, and no acceptable residual value for the equipment remains, can equipment be disposed of through recycling, by being given away (e.g. to charity or to staff for home use) or, lastly, through waste disposal (subject to meeting the Data Protection requirements outlined in section 3.2).

All reasonable efforts should be made to identify other departments or staff that may be able to re-use equipment deemed for disposal. ​​

​ ​

​Disposal of data

All University data and any software licensed to the University must be removed and/or destroyed prior to the equipment leaving the possession of the University (or its staff, where use of equipment has been made outside of UWIC's estate, e.g. laptop computers used at home).

Removable electronic storage media such as pen drives, CDs and portable hard drives should not be passed on with equipment, but should instead be retained by the department or erased and disposed of by secure means.

Responsibility for removal of software and data rests with the department that owns the equipment and must not be delegated to any person outside the University without strict contractual obligations being imposed. Such undertakings should only be achieved with the knowledge and support of the Head of ISD.

The effort taken to dispose of data held on equipment should be proportionate to the value and/or confidentiality of the data, and if in doubt, assume the worst.​

​Disposal of Assets

​Prior to disposal of IT equipment, authority must be gained from the budget-holder responsible for the equipment.

A record of the disposal should be kept by the Head of School/Unit, noting the destination and residual value of the item being disposed of. ISD may assist in advising on the residual value of IT equipment.

Disposal records should be submitted to the Finance Department upon request.


​Protection of the Environment

Some IT equipment is classified as hazardous to health or the environment. The advice of ISD should be sought if in any doubt. Types of hazardous equipment include, but are not limited to:

  • VDUs/Monitors – may contain substances hazardous to the environment.

  • Battery Back-up units/UPSs – may contain lead and acid.

Any equipment reasonably capable of being recycled should be recycled. 


​​Responsibilities

All Schools and Units are responsible for:

  • ​Ensuring the safe and secure disposal of the IT equipment owned by them

  • Ensuring the application of the procedures

​​Cardiff Met's ISD Unit is responsible for:

  • ​​Disposal of all centrally owned IT equipment such as Open Access equipment and centrally purchased servers

  • Advising on which equipment may be considered hazardous

  • Assisting with wiping/clearing media and equipment containing potentially sensitive data prior to disposal

  • Ensuring the application of these procedures

  • Reviewing and advising on these procedures

​​