Skip to main content

Phase 7: Disposal

This final phase of the lifecycle, End-of-Life and Asset Disposal, covers the secure removal and retirement of systems, hardware, and software. For the Osborn project, this primarily involves decommissioning AWS resources and ensuring all related data and access are securely handled.

This phase is governed by the Asset Disposal Policy and Standard, available at IT Central.

Secure Disposal Requirements

  • Compliance: Disposal of all system components (including AWS resources like EC2 instances, S3 buckets, and RDS databases) must comply with applicable laws, regulations, and Omnicom policies.
  • Data Removal: Before disposal, Confidential and Restricted Data stored in S3, RDS, or other services must be securely transferred, archived, or deleted according to contractual and regulatory requirements.
  • Hardware Destruction: While Osborn is cloud-first, any hardware devices containing Sensitive Data must be securely overwritten or destroyed.
  • Software Removal: Software must be removed as per the applicable license agreements.
  • Storage Media: All storage media, including EBS volumes and S3 buckets, must be securely wiped and/or deleted.

Removal Requirements for Osborn

  • Authorization: AWS resources and other software must not be decommissioned without proper authorization from the project lead and asset owner.
  • Data Owner Procedures: The removal of data from a system must comply with procedures determined by the Data Owner.
  • Inventory Updates: Omnicom inventories and the Configuration Management Database (CMDB) in ServiceNow must be updated when hardware and software assets are removed. This is a critical step to ensure accurate asset tracking.