Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

32) Does your organisation ensure that all used digital media (that may have stored data) is disposed of securely and are certificates of destruction obtained?

August 30, 2022
IT Operations
Secure Media Disposal
Secure Destruction

Answer yes if your organisation has a process to securely destroy all media that may hold business information. If a third party is used, only answer yes if your organisation receives certificates of destruction. Please provide a document outlining the process (as a PDF file) as evidence or describe the process in the notes section.

A common way for businesses to experience a data breach is through confidential data being recovered from digital media that is being thrown out or repurposed. In fact, a common method used by malicious actors who are targeting a company will be to do thorough bin searches to see if there is any information they can use in a later attack.

It is therefore essential that you ensure any media is securely wiped or destroyed before being thrown away. Either an internal robust and auditable secure media destruction process should be evidenced, with the appropriate procedures, tools and logs/audits in place, or an auditable third party contract for the secure destruction of media, supported by certificates of destruction, should be in operation.

How to implement the control

You can either implement an internal and auditable secure media destruction process if your IT team have the tools and expertise to do so, or you can contract this work out to a third party who specialises in the secure destruction of media.

It is important that if this work is contracted out to a third party, that the third party supplier provides certificates of destruction.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.