Frequently Asked Questions about MultiFunction Digital Photocopiers
In April 2010, CBS News aired a report on Digital Photocopiers. In response to the questions that arose from this news story, the Office of Information Technology (OIT) prepared the following frequently asked questions to assist you and your office in taking the appropriate steps to protect potentially sensitive data.
DIGITAL PHOTOCOPIERS LOADED WITH SECRETS - CBSNEWS
Who maintains the inventory of American University’s Multifunction (MF) Digital Copiers?
The Procurement & Contracts Office has an inventory of copiers leased and purchased by American University. Each office, department or school has their own maintenance contract with the copier manufacturers and service organizations.
What kind of MF copiers does American University have?
Currently our inventory is spread across three vendors, Canon (through Ameritel), Xerox, and Konica.
What can I do to determine whether my copier is digital and can retain data?
Locate your maintenance contract, and identify the make and model. Look at the documents under RELATED LINKS on this page. Or you may wish to call your representative directly.
As of 7/16/2010
Denise Brown Moore
As of 7/16/2010
As of 7/16/2010
What steps can I take to make sure the data is erased from our MF digital copier?
American University primarily leases its MF copiers. The three manufacturers are Canon (Ameritel), Xerox, and Konica. All three manufacturers have models with security features included.
Will the company we are leasing from erase the data on the digital machines?
Each company has a unique agreement. It is best to contact your representative directly to ask about the terms of the agreement. See vendor contact information above.
My office works with sensitive data, what security steps should we take?
Determine whether any data should be stored on the MF copier. If not, work with your vendor representative to make sure it is configured in this way.
Consider the physical security of your printers and copiers that process documents. Should they only be accessed by select individuals? Consider discussing physical security procedures for your office and routinely educate staff members so everyone understands their role and responsibilty.
Identify who has the administrative password to the copier; this individual can make changes to the settings. Verify who it is and ensure they understand their role and responsibility.
Verify that at least one or two people in your office understand how to check to make sure data is erased and verify that no data is stored locally.
Call OIT. Ask them to ensure that the network access is limited to only your office. Currently all MF copiers are limited to AU-only access. See the Data Classification Policy at http://www.american.edu/policies for a description of AU-only access.
What do these companies have to say about their security features?
Under the right-hand menu on this page, look under the heading RELATED LINKS where Canon, Xerox, and Konica have provided documents that discuss in detail their approach to security. Please contact your representative for additional details. See vendor contact information above.
What about American University’s recycling program?
Normally our copiers are leased and are returned to the leasing company after the term has ended. Very seldom do we send a copier for recycling.
2nd Asset Solutions is American University’s recycling company. All items sent to 2nd Asset Solutions follow the destruction process, which checks media and destroys in accordance with DoD Standard 5220.22-M. Below find the clause from our Agreement:
B. VENDOR PROCEDURES: Vendor will adhere to the following procedures during the term of this Agreement and will notify University of any changes during the term of this Agreement. Items are sent to the testing area to determine what production line recycled material will be moved to. If the item is determined to be re-sellable, it is moved to the cleaning area. All cases are cleaned; asset tags and owner identification tags are removed. If applicable, the computer is moved to a wipe station that does not allow viewing of data. The hard drive is wiped in accordance with Department of Defense standard 5220.22-M. Various types of copiers and printers that are pre-1990 utilize a transparent or magnetic film. This film is removed and destroyed. All drives (backup and floppy) are checked to ensure no media is left inside. If media is found, it is destroyed according to DoD Standard 5220.22-M.