The purpose of this policy to create an authorized process for retirement of computers purchased through the USF's Computer Replacement Program (RP).
The objectives of the Computer Retirement Policy are as follows:
- Efficient use of University resources: The policy is designed to minimize University computer pick-up costs, including labor and transportation.
- Maximum sell-back cost recovery and timely delivery to donation recipients: The policy is designed to reduce unnecessary equipment aging, which reduces sell-back value, as well as ensure that retired computers are available to mission-related projects in accordance with expected time frames.
- Compliance with applicable laws: Laws such as Gramm-Leach-Bliley Act (GLBA), FERPA (Family Educational Rights and Privacy Act) and HIPAA (Health Insurance Portability and Accountability Act) require that the University safeguard confidential information which may be stored on desktop and laptop computers. This requires that all computers be re-inventoried and de-provisioned by ITS.
- Compliance with EPA (Environmental Protection Agency) regulations: The University must ensure that all computers are responsibly disposed.
- Compliance with Software Licensing Policies: The University must ensure that all licensed software is removed from retired computers in accordance with current licensing agreements.
Computer Retirement Policy
- All computers due for replacement during the Replacement Program year must be scheduled for replacement from February 1st - November 30th.
- Computer systems ordered by a Division or College's Replacement Program Coordinator can not be changed or exchanged for a different Replacement Computer.
- All university computers purchased through the Replacement Program must be collected on the day that the replacement computer is installed.
- All retired computers will be inventoried in the ITS Inventory Facility. All computers stored in ITS will be encrypted until donated or resold. Retired computers will be stored in ITS for 10 business days. During the 10 business days, former users of the computer may contact ITS to recover any missing data from their old computer. However, after 10 business days, all data stored on the hard drives will be destroyed using a Department of Defense (DOD) 5220-22.M Standard 7-Pass Wipe.
- Retired computers resold to third party vendors will be wiped for a 2nd time using a DOD 5220-22.M Standard 7-Pass Wipe. All vendors are required to provide ITS a certification of data destruction.
- Computer equipment from separated faculty and staff members must be collected by the supervisor. The supervisor must review the data contained on the hard drive with an ITS technician and place any files requiring continued use on the central ITS file server. After reviewing the contents of the hard drive, the computer will be wiped and either re-inventoried or assigned to a replacement hire.
All University Faculty and Staff members who have a USF computer scheduled for replacement are contacted by their division or college's RP Coordinator in February of the replacement year, which provides Faculty and Staff 6 months to schedule an appointment for replacement.
Faculty who believe that compliance with the policy articulated above will place essential research or teaching work at risk may apply for an exception to run old and new systems in parallel for up to 1 month. Exception requests must be submitted to the VPIT (email@example.com) and include a rationale that addresses the following questions:
- What research or teaching activity will be placed at risk by the computer replacement?
- What applications or services must be tested for compatibility with the new computer?
- What aspects of the new computer (hardware specifications, operating system, etc.) are cause for particular concern?
Upon approval of an exception, a final date for pickup of the retired computer will be set. During the extension period, petitioners should be aware that the hardware they are operating on is more vulnerable to failure and accept responsibility for all risks related to operating a computer that is out of warranty and unsupported.
All retired computer systems must be collected by ITS on the same day as the replacement computer installation. If a faculty or staff member does not provide ITS the retired computer, the following procedure will take place:
- ITS Technician will report the Computer Retirement Policy violation to the IT Asset Manager/Replacement Program Manager
- IT Asset Manager will trigger a Computer Retirement Policy Violation Notice to the direct supervisor and RP Budget Approver of the Faculty/Staff member's division, department or college.
- Following November 30th, a list of all uncollected retired computers will be presented to the Leadership Team for review, discussion, and follow-up action.
- Replacement Program - University of San Francisco's annual technology program that replaces University-owned computers that have reached the end of their useful life. This program has a central budget.
- Computer Retirement - After a University-owned computer reaches the end of its useful life, the computer must be properly removed from campus network and all data contained on the hard drive must be destroyed (wiped).
- Disk Wiping - The process of securely erasing data from a computer';s hard drive by writing random data multiples times over the sectors of hard drive. USF ITS uses a Department of Defense (DOD) 7-pass wipe (writes random data 7 times).
- UITC - University Information Technology Committee.
- Desktop Computing Subcommittee - USF's IT Governance subcommittee that oversees the maintenance and development of USF's desktop computing environment.
- FERPA - The Family Educational Rights and Privacy Act of 1974, commonly referred to as the Buckley Amendment, protects the rights of students by controlling the creation, maintenance, and access to educational records. It guarantees students' access to their academic records while prohibiting unauthorized access by others.
- GLBA - Gramm-Leach-Bliley Act, Pub. L. No. 106-102, 113 Stat. 1338
- HIPAA - Health Insurance Portability and Accountability Act is Federal regulations establishing national standards for health care information.
- Software Piracy - unauthorized copying or installation of software