Skip to main content

CMS ATO Notice

CMS ATO information can now be found at security.cms.gov, along with other security and privacy resources.

This website will be retired. You will be redirected in a moment.

Retire

Overview

A system moves to the Retire Phase once it reaches the end of its useful life and/or the end of its contract. At this point, the decision is made to shut it down through a managed process outlined in the System Disposition Checklist. This ensures compliance with Federal guidelines when retiring a government IT system. There are many aspects to consider, including the following:

  • Records retention
  • Information security
  • Investment close-out procedures

The Business Owner (BO) and Information System Security Officer (ISSO) conduct a thorough planning process to define all tasks to decommission the system. There are 4 four specific documents that must be completed by the ISSO and Project team and signed by the BO and/or the ISSO.

Any remaining activities must be transitioned to a different process or system. All contracts are closed and data is archived according to the System of Record Notice (SORN) or other guidelines. Any remaining hardware must be disposed of according to federal best practices.