Many copiers, scanners, printers, and multifunction office devices retain, on a hard drive, a digital cached "copy" of some or all documents printed, scanned, or processed by the device. IU policies, best practices, and procedures protect the confidentiality and integrity of information regardless of the type of storage device involved. This page will help you make appropriate and informed risk-based decisions for information contained on office/unit/department multifunction office devices.
How secure is your data?
When beginning the search for new equipment, engage and work closely with the Office of Procurement Services. They have negotiated contracts with vendors to ensure the university receives the best prices on equipment and provides additional protection for data processed by the machine — either by keeping the cache encrypted, periodically securely deleting the cache, or (ideally) not keeping one at all.
You may direct specific questions related to this type of equipment to the Office of Procurement Services.
If you are currently in the middle of a product’s life, you have several options. UISO recommends you carefully evaluate the options and choose one commensurate with your perceived risk.
However, before anything else, first determine whether your equipment is in fact retaining digital copies on a hard drive. To do this, you may want to contact:
- your sales/leasing vendor
- the manufacturers web site
- Office of Procurement Services
Inquire about a replacement
You may contact either the Office of Procurement Services or your vendor directly to inquire about replacement equipment. Don’t assume all equipment contracts are created equal; perhaps you can replace your equipment at no additional cost to you?
Purchase add-on equipment and/or software
Several vendors and/or manufacturers produce add-ons to their equipment for additional purchase that either regularly destroy or encrypt the cache copies that are stored on the equipment’s hard drive. This option may be viable if you have a large, expensive piece of equipment that is inappropriate to replace at this time.
It has been speculated that several manufacturers have contributed to the media frenzy on this subject in an attempt to sell these add-on units. So, while discussing options with a vendor is not discouraged, please consult with the Office of Procurement Services before making any final purchasing decisions.
Harden the device and develop departmental clean-up policies
Your best option may be to keep your current equipment and attempt to secure the data within the devices as you go. In this case, UISO offers this quick 5-step guide:
- Review all the functionality of the device, decide how it is to be used (or receive that information from others) and harden the configurations. Disable every service and feature except those identified as required on an everyday basis — including how accessible the machine is via the network. Revisit the requirements of the device as often as necessary, as offices are often organic environments with changing needs.
- Determine if your make/model equipment offers a “disable” option with regard to maintaining digital cache copies. If so, disable that option.
- If not, determine whether your equipment allows periodic deletion of this data. Automatic deletion at specific intervals is preferable, but manual deletion will suffice.
- If your equipment only allows for manual deletion, determine who this task will fall to in your office. Copiers and related devices have not been traditionally considered IT equipment, so an office manager or other administrative personnel may oversee your equipment.
- If a department head requires further reading before wanting to assign staff hours, the Information Policy and Security Offices maintain excellent documentation:
Since it has become public knowledge that copiers/multifunction office devices may contain sensitive personal information, their disposal must be handled carefully. The university already has the following existing resources related to the disposal of hard drives and the secure removal of data, which should be applied to this type of equipment:
- Disposal and Redistribution of University Property | IU Procurement Services
- Secure Data Removal | IU Information Security Office
- IUB Surplus Data Destruction Service | IU Procurement Services
- Surplus Hard Drive/Data Shredding Program | IU Procurement Services - IUPUI and Regional Campuses
Several vendors provided security-related information to IU in the form of answers to questions and additional white papers about the security of their products. The questions asked of the vendors were:
- How many of your devices retain an image of documents on an internal hard disk?
- Does it retain an image of all documents? Scanned, photocopied, printed?
- Provide detail about retention; how long are these images saved?
- Can the devices be configured not to store such images?
- Can the drive be encrypted?
- What other security options/configurations are available?
- Can you provide the costs for various options?
- How do you secure email transmissions, when your copier is used to scan and email documents?
- When a device is serviced and a hard disk is removed, what happens to the drive? is it wiped? shredded?
Read responses from CopyCo, Maxwell's, Cannon IV, Toshiba Business Solutions, and Xerox Corporation. (Note: responses were copied verbatim from email responses)
Security White Papers
These were provided to us directly by the vendors. The Information Security Office only wishes to make this documentation available, and advises that all offices choose a multifunction office machine that can adequately secure university information; this page should imply no endorsement of any particular vendor.
Data Encryption and Overwrite | Canon
Xerox Product Security | Xerox Corporate
imageRUNNER/imagePRESS Security | Canon
imageRunner Advance Security | Canon