Why bother with secure IT asset disposal?
Asset disposal may appear to be a simple activity, since we generally only dispose things that we deem no longer needed or not valuable. However, thinking about environmental recycling activities, you can see that what is worthless to someone can be highly valuable to someone else.
The same applies to information. Some part of information we consider not valuable can lead a competitor to gain a business advantage, a criminal to discover an organization’s weaknesses or, worse, cause damage to a customer or person’s life by using personal or private information to commit a crime posing as those persons.
Many organizations are either implementing ISO 27001/2 frameworks or policies that align with such and in doing do, you would of noticed the below areas that are covered:
ISO 27001 controls and ISO 27002 recommendations
With the objective to protect a business’ relevant information during its entire lifecycle, ISO 27001 provides two specific controls related to information disposal:
- Whenever a media shall be discarded, the use of procedures should be considered to ensure proper information disposal (control A.8.3.2 – Disposal of media).
- Equipment containing storage media shall be verified to ensure it is free of sensitive information prior to disposal or re-use (control A.11.2.7 – Secure disposal or reuse of equipment).
Radtech provides IT asset disposal services and data wiping that complies not only with ISO standards but NIST, HIPAA and more.
Let us help you on this continuous journey….
10 January 2022 at 19:00