Tuvaluan

Software Decommissioning

It is important that you carry out regular reviews or audits of application software on all computers and information systems, and ensure that redundant software is decommissioned or retired. This does not necessarily mean components bundled with operating systems, but old productivity, email, communications, financial and HR software, for example, together with programs specific to your business sector.

By definition, a software program represents a route to accessing data – including by unauthorised parties. So if the program is correctly deleted, it follows that the data cannot be accessed via that means.

Redundant software is often maintained to provide access to legacy data for business or regulatory reasons. Sometimes, however, organisations are running unnecessary software to access data which could be accessed via an alternative program. It is also not unusual for redundant software to loaded on machines which the organisation is not even aware still exists … and still be running in the background.

In addition to mitigating security risks, decommissioning redundant software can also deliver significant cost savings in support and resource.

Safe decommissioning

• Conduct a comprehensive review of data which is accessed from legacy applications. If it is still required for business or compliance purposes, relocate it another data repository or archive store that can be accessed independently and securely using reporting or business intelligence tools.
• Maintain the same security procedures on services which are planned to be decommissioned, as any other, live services, including penetration testing where appropriate.
• Ensure that software is completely erased from computers and other business systems prior to physical disposal by using a dedicated deletion program or service, or by physically destroying hard drives.

 

See Also...