Laptop and Desktop Sanitization Practices Need Improvement

The Chief Information Officer should ensure that the IRS only uses sanitization products that are approved by the Department of Defense, the Department of Homeland Security, or the National Security Agency.

The Chief Information Officer should ensure that sanitization equipment and procedures are tested annually to verify that the intended sanitization results are being achieved.

The Chief Information Officer should ensure that steps are taken to degauss or destroy hard disks identified during this review that were not sanitized or had bad sector errors.

The Chief Information Officer should ensure that hard disks separated from their computers are properly accounted for throughout the sanitization process.

The Chief Information Officer should ensure that Memphis Sanitation Site Standard Operating Procedures are clarified to further define accounting for damaged or missing hard disks.