A financial institution plans to repurpose several older servers containing sensitive customer data. What is the appropriate action for repurposing these servers?

The appropriate action for repurposing servers containing sensitive customer data is to carry out a sanitization process that includes multiple passes of overwriting and degaussing. This process is crucial for ensuring that all sensitive information is irretrievably removed from the servers before they are repurposed.

Sanitization techniques, particularly thorough overwriting combined with degaussing, ensure that any residual data cannot be recovered by unauthorized individuals. By performing multiple overwriting passes, you significantly reduce the risk of data recovery through most file recovery techniques. Degaussing, which involves using a magnetic field to disrupt the data stored on magnetic media, further enhances this security measure by making data recovery virtually impossible.

The other options, while related to general server management, do not adequately address the critical need for protecting sensitive data during the repurposing process. Regular backups (first option), installing new operating systems (third option), and updating security patches (fourth option), do not secure sensitive customer data. Rather, they focus on maintaining operational integrity, system performance, and security for active systems, rather than ensuring the complete and secure removal of sensitive information.