This article provides additional information on how you can meet the requirement for the CAF control – B3.d Mobile Data.
Secure Handling of Mobile Devices and Media
- Any device, equipment or removable media that may hold important data should be sanitised securely before reuse or disposal.
- All such assets should be tracked within the organisation’s asset inventory so you can verify whether they contain data relevant to essential services.
Policies and Procedures
- The organisation’s Records and Information Management Policy should define how mobile devices, equipment and media must be sanitised or destroyed.
- Secure Asset Disposal Procedures should be followed to ensure appropriate handling throughout the asset lifecycle.
Secure Deletion and Media Sanitisation
- Before any device or removable media is repurposed, transferred or decommissioned, the organisation should apply Secure Deletion and Media Sanitisation processes using approved tools or certified third-party services, ensuring all important data is completely removed (Sanitise and Dispose of Media Securely).
Evidence of Secure Disposal
- Disposal certificates or sanitisation records should be retained as evidence that data-bearing assets have been handled appropriately.
Preventing Data Recovery
- These sanitisation procedures help ensure that important data cannot be recovered or accessed once mobile devices or media leave the organisation’s control.