AGENCY RESPONSIBILITY - 5953

Each agency is responsible for ensuring that any residual value in surplus IT supplies is realized.  Each agency must comply with the state property accounting requirements described in SAM Sections 8633 and 8640–8642 when disposing of surplus IT supplies. The agency must prepare and maintain a Property Survey Report (Standard Form 152) when disposing of surplus IT supplies.  The agency must certify that all memory assets have been sanitized.

A diligent effort must be made to secure at least three competitive bids for the supplies. If three bids cannot be obtained, a list or organizations or individuals solicited must be prepared and signed by an authorized representative of the agency. The list and the bids received must be attached to the Property Survey Report.

IT paper goods, e.g., computer printouts, punch cards, and pre-numbered forms, must be disposed of in accordance with SAM Section 1600.

Magnetic media for data processing devices, e.g., magnetic tapes and disk packs, must be disposed of in accordance with the procedures of this section. If sale is not possible, the magnetic media may be disposed of through any organization that will retrieve them without charge to the state.

The handling and disposal of IT supplies containing information classified as confidential or sensitive as defined in SAM Section 5300 must be conducted according to the policies stated in SAM Section 1600 and the procedures established by the agency program having ownership responsibility for such information. Agencies must ensure that all information assets or computing devises with digital memory and storage capacity are completely sanitized prior to disposal. Should DGS find confidential, sensitive or personal information in state-owned surplus personal property, the disposing agency must retrieve the materials immediately, and is responsible for incident notification and filing of any necessary reports related to any security event or incident that occurred (SAM Section 5340 for Agency Information Security Incident Management). (Management Memos #12-01 and Management Memo #12-02).