3.6 Summarize proper server decommissioning concepts.
📘CompTIA Server+ (SK0-005)
1. What is Media Retention?
Media retention refers to keeping data stored on any media (hard drives, SSDs, tapes, cloud storage, etc.) for a specific period of time.
- This data can include:
- System logs
- User data
- Financial records
- Security logs
- Backup data
- The retention period is defined by:
- Company policy
- Legal requirements
- Industry regulations
👉 In server decommissioning, you must not destroy data until retention requirements are met.
2. Why Media Retention is Important
Media retention is required to:
1. Meet Legal and Regulatory Compliance
Many industries require data to be kept for a minimum time.
Examples:
- Financial records may need to be retained for several years
- Security logs may need to be kept for audit purposes
- Healthcare data must follow strict privacy laws
Failure to comply can result in:
- Legal penalties
- Fines
- Loss of certification or license
2. Support Audits and Investigations
Retained data is used for:
- Security audits
- Incident investigations
- Troubleshooting past system issues
Example:
- If a data breach occurs, logs must be available to trace the attack.
3. Business and Operational Needs
Organizations may need historical data for:
- Performance analysis
- Reporting
- Backup recovery
3. Types of Media Retention Policies
1. Time-Based Retention
Data is kept for a fixed duration.
Example:
- Logs are kept for 90 days
- Backups are kept for 1 year
After the time expires, data can be:
- Deleted
- Overwritten
- Securely destroyed
2. Event-Based Retention
Data is kept until a specific event occurs.
Example:
- Data is retained until:
- A project is completed
- An audit is finished
- A legal case is closed
3. Compliance-Based Retention
Data is retained based on laws and regulations.
Examples:
- Financial regulations
- Data privacy laws
- Industry standards
👉 These are the most important for exam scenarios.
4. Storage Types Used for Retention
Retention data can be stored on:
- Hard drives (HDD)
- Solid State Drives (SSD)
- Tape storage
- Network storage (NAS/SAN)
- Cloud storage
Each storage type may have:
- Different retention policies
- Different security requirements
- Different destruction methods
5. Key Concepts in Media Retention
1. Data Classification
Before retention is applied, data is classified:
- Public
- Internal
- Confidential
- Restricted
👉 Sensitive data often has longer retention and stricter protection.
2. Data Lifecycle Management
Data goes through stages:
- Creation
- Active use
- Storage (retention period)
- Archival
- Destruction
👉 Retention applies mainly to the storage and archival stages.
3. Archival vs Backup
- Backup
- Used for recovery
- Short-term storage
- Frequently overwritten
- Archive
- Long-term retention
- Rarely accessed
- Stored for compliance or historical purposes
👉 Archives are closely tied to retention requirements.
6. Legal and Compliance Considerations
When dealing with retention, you must follow:
1. Data Protection Laws
Regulations may require:
- Keeping data for a specific time
- Protecting sensitive information
- Preventing unauthorized access
2. Legal Hold (Very Important for Exam)
A legal hold means:
- Data must NOT be deleted or altered
- Even if retention period is over
- This happens during:
- Investigations
- Lawsuits
- Audits
👉 Decommissioning must stop until the legal hold is lifted.
3. Chain of Custody
This tracks:
- Who accessed the data
- When it was accessed
- What actions were performed
Important for:
- Legal evidence
- Audits
- Forensic investigations
7. Retention in Server Decommissioning
When decommissioning a server, follow these steps:
Step 1: Identify Data
- Determine what data is stored on the server
- Classify data types
Step 2: Check Retention Requirements
- Company policies
- Legal regulations
- Industry rules
👉 You must confirm how long data must be kept.
Step 3: Move or Archive Data
- Transfer required data to:
- Archive storage
- Backup systems
- Long-term storage
👉 Ensure the data remains accessible if needed.
Step 4: Verify Retention Period
- Ensure all data has met its retention period
- Confirm no legal hold exists
Step 5: Secure Data Before Destruction
- Ensure data is protected until destruction
- Prevent unauthorized access
Step 6: Proceed with Secure Media Destruction
- Only after retention requirements are satisfied
8. Risks of Ignoring Retention Requirements
Failing to follow retention rules can cause:
- Legal penalties
- Data loss before required time
- Audit failures
- Security risks
- Non-compliance with regulations
👉 This is a common exam trap.
9. Exam Tips (Very Important)
- Retention = keeping data for a required time
- Always check:
- Legal requirements first
- Company policy second
- Do NOT destroy data if:
- Retention period is not complete
- Legal hold is active
- Know the difference:
- Backup vs Archive
- Time-based vs event-based retention
- Think:
👉 “Can this data be legally deleted?” before decommissioning
10. Simple Summary
- Media retention defines how long data must be kept
- It is required for:
- Legal compliance
- Security
- Business needs
- Data must be:
- Stored securely
- Not deleted prematurely
- Always check:
- Retention policies
- Legal holds
- Compliance requirements
- Only destroy media after all requirements are satisfied
