This article provides additional information on how you can meet the requirement for the CAF control – B3.e Media / Equipment Sanitisation.
Secure Sanitisation of Devices and Media
- Any device, equipment or removable media that may hold important data should be sanitised securely before reuse or disposal.
- All such assets should be tracked within the organisation’s asset inventory to verify whether they contain data relevant to essential services.
Policies and Procedures
-
The Records and Information Management Policy should define how media and devices must be sanitised or destroyed.
-
Established Secure Asset Disposal Procedures should be followed at all times.
Secure Deletion and Sanitisation
- Before any device or media is repurposed, transferred or decommissioned the organisation should apply Secure Deletion and Media Sanitisation processes using approved tools or certified third-party services to ensure all important data is completely removed (Sanitise and Dispose of Media Securely).
Evidence of Sanitisation
-
Disposal certificates or sanitisation records should be retained as evidence that data-bearing assets have been handled appropriately.
Preventing Data Recovery
- These sanitisation procedures ensure that important data cannot be recovered or accessed once devices leave the organisation’s control.