S 2.496 Orderly withdrawal of a logging server from operation

Initiation responsibility: Data Protection Officer, IT Security Officer

Implementation responsibility: Administrator

Logged data is collected, processed, stored, and archived on a logging server. This data may contain IP addresses, user names, and names of IT systems, amongst other things. Therefore, it must be ensured that no information worthy of protection is contained on hard disks and other storage media when the logging server is withdrawn from operation. All data media must be securely deleted, regardless of whether they are passed on, repaired, or disposed of.

In the event of repair work, it is not sufficient to only format the hard disks or to only use the delete functions of the operating system. The data media must be overwritten using suitable deletion programs in such a way that the data cannot be restored with the help of special methods. More detailed information on how to securely delete and destroy data media can be found in S 2.167 Selecting suitable methods for deleting or destroying data.

When a logging server is disposed of, it is recommendable to mechanically destroy the storage media (shredding) in addition to the deletion process. If storage media cannot be destroyed promptly, they must be protected against unauthorised access until they are destroyed. Magnetic storage media can also be deleted electromagnetically with the help of a degausser.

If the data media are deleted by third parties, the contract must be awarded in accordance with data protection requirements, amongst other things, and an order data processing agreement must be concluded.

Review questions:

• Is it ensured that no data worthy of protection is contained on the data media after the logging server is withdrawn from operation?