Information Systems Lifecycle

General

This section implements Integrated CSU Administrative Manual (ICSUAM) Policy 8070.0.

Information Security requirements for acquisition of information systems

Consult Section 8, Configuration Management and Change Control, for information security-related information systems acquisition requirements.

Consult Section 6, Third Party Management, information security requirements imposed upon third party service providers.

Disposal of information systems

All units in T&I will take adequate measures to properly dispose of information systems at the end of their lifecycle. Except for systems that must be retained as a result of public records law, executive orders, or litigation holds, end of life information systems will be wiped using methods that conform to DOD Standard 5220.22-M.

Each T&I organizational unit will develop procedures for the destruction and sanitization of end of life information systems. The Information Security Officer or designee will review these procedures annually.