I've heard from my Amdahl days that the decommissioned machines had to be destroyed rather than returned for their parts value - and that the destruction was pretty definitive.
But none of these anecdotes answer my question: would you feel happy after, for instance, a DR test, to know that the DASD you used contained only encrypted data and that the VTOC's had been overwritten? More importantly, would this ensure compliance with the standards required? I ask because ther seems to be a couple of contradictory issues involved: in some jurisdictions a standard of encryption is considered to be a requirement when sending data offsite, be it over the wires or in some other portable format. In other words, the authorities accept that once it has been encrypted and adeqaute care is taken over key exchange, then you have fulfilled the requiremnts to protect your data. Yet deleted data seems to require another standard - or does it? In the same vein, if you are decommisioning DASD, or removing yourself from a hot-site, would encrypting your data be adequate both to satisy compliancy requirements and to make you feel comfortable yourelves? I assume the re-init at the least of the volumes afterwards, of course. Even the entries of a VTOC could be valuable. I'd be interested to se what the Innovation Data Processing people would have to say on this as they provide both encryption and erase products. One of them - short of huge performance factors which wouldn't really be an issue when decommisioning DASD- would appear to be redundant. Unless there is some weird legislative standard which says that encryption is fine for transmission of data over open IP networks, but is not fine for resundant data held on permanent storage. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html