Secure Paper Shredding and Recycling

SF State has a campus-wide contract with Citywide Fibers for secure paper disposal. All paper containing sensitive information must be discarded in the locked blue bins provided by Citywide Fibers. The Citywide service should be used instead of personal office shredders wherever possible, as waste from personal shredders is not recycled.  

The Citywide Secure Bin is ocean blue in color with a small paper slot and locked lid. The bins will say:
 

CITYWIDE FIBERS
415-822-3688
SHREDDING

on the side. The bins have the following dimensions:  2 ft wide x 2.5 ft deep x 3.5 ft tall
 

blue toter bin

The Citywide bins will have additional characteristics: They will have a lock on the bin, be in a secured/staffed area, and be stenciled with a Citywide label.  In general these bins will be in a secure area for your department or an another department you share the bin with.  When in doubt, verify with the staff in the area of the bin.  The Campus blue recycle bins are typically not secured and are commonly found sitting out in the open/in hallways.

Yes. Someone from your department should have a key to the secured bin or you can contact the staff at Citywide to unlock the bin for you.

Personal shredders are also not economical from a resource perspective and paper generated by office shredders is not accepted into the recycle stream.  Therefore, office shredders should be replaced with a locked bin from Citywide.  See the Campus Recycling Guide (related links in right column) for instructions on disposing of shredded paper.

For the past few years, SF State has shredded about 50 tons of paper per year.

Contact Mike at Citywide Fibers: 415-822-3688

It depends on the amount of secure documentation your department generates weekly.  The bin is scheduled to be emptied by Citywide every week.  Departments may share bins.

Bins must be kept in areas which are staffed and locked after hours, or secure at all times.  Although bin lids are locked, the container is not designed to protect confidential materials outside of secured physical areas.  Bin locations must be compliant with Fire Marshall requirements -- i.e., they must not block doorways and they must allow clear passage through any hallways. Bins should be located in areas that are secure but easily accessible by employees within the department.  Bins are best located in a general resource area, such as a copier room, which is staffed during office hours but locked during off hours, and where access is limited to faculty and staff.

Yes. Although the bin has a lock, it must be protected from unauthorized persons rolling the bin away or cutting it open.  The bin must be secured in a locked office that is staffed during the periods the door is unlocked.  The bin can not be left in an area that isn't locked when the area is not staffed (i.e. in a hallway to a building).

No.  Staff from Citywide will need to open the lock to empty the bin, but an SF State staff member should also have a key to the lock.

Citywide will empty secure bins every Tuesday.

You can contact Citywide at 415-822-3688 to make special arrangements.

You can get more information by calling Citywide at 415-822-3688.

Yes, for paper shredding there is a per pound charge which varies depending on the number of bins and bulk pickups. The average cost per department in 2008 for the approximately 14 existing departments that used the service was around $1500/year. 

Personal office shredders are no longer recommended for sensitive printed data disposal due to variances in shred quality; output from these machines is also no longer accepted by most recyclers.

NAID certification relates to final minimum particle size after an item is shredded.  Citywide meets these minimums for the type of sensitive data SF State generates.  NAID audits refer to machine capabilities; NAID audits of the machine are for maximums and certification doesn’t necessarily establish an acceptable minimum. 

Record Retention and Disposition

SF State University requires that university records be disposed of or retained for specific periods of time in accordance with legal and other institutional requirements.

On an annual basis departments and data custodians must review their data to ensure that data is purged and/or archived by the systems (automatically or manually) per the CSU Records Retention and Disposition Schedule to comply with Executive Order 1031.

Strategies must be identified and mitigation controls put in place against threats and vulnerabilities to Confidential Data for systems that do not support automatic data purging and/or archiving. Mitigation controls must ensure that risks are reduced to an acceptable level, taking into account: 

Mitigation controls put in place should be reviewed and approved by the data owner, Information Security Officer, Associate Vice President & Chief Technology Officer, Information Technology Services (ITS) and Associate Vice President, Enterprise Risk Management.