11) Does your organisation ensure confidential paper waste is disposed of securely?
Physical Security Confidential Waste Secure Disposal
Written by Haydn Brooks
Created on March 18, 2019
Modified on September 16, 2019

Answer yes if your organisation disposes of all confidential paper waste in a secure manner (typically either by shredding or incineration), or if a third party is used to dispose of the waste securely.

The secure collection and disposal of confidential paper waste ensures that your company data is protected and is a key tool to prevent acts of industrial espionage and the loss of commercially sensitive information.

Planned or unplanned third party access to company information through paper waster can directly lead to the loss of competitive advantage or damaging public relations events with significant impact to the financial and operationally stability of the company.

One of the first methods used by malicious actors targeting an organisation is Dumpster Diving. This is a process in which the attacking party collects trash from the target company and examines it to try and find out any information that could be used in a follow up social engineering attack.

How to implement the control:
For small to medium companies this control can be satisfied by purchasing a high quality shredder for your office (or offices) and mandating that all physical paper waste has to be shredded. For larger enterprises there are waste disposal services that will come and collect your confidential waste before destroying it onsite, either by shredding or incineration. These services will typically provide a certificate of destruction once complete. If confidential waste is going to be stored onsite in bins before being destroyed by a third party these bins should be secured with a lock.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.