Personnel must have security guidelines that deal with e.g. the following topics:
The organization has defined procedures for the safe disposal of laptops that are no longer required.
Papers containing sensitive information should be disposed of in an agreed manner, for example, using a shredder or by incineration.
Unnecessary media should be disposed of in a safe, industry-accepted manner (such as by incineration, shredding or wiping) in accordance with formal procedures. Media that requires safe disposal must be clearly marked.
Data destroyed in accordance with the process should not be recoverable, even by forensic means.
There are agreed procedures for identifying and marking media that require safe disposal.