Safe disposal of laptops

Critical
High
Normal
Low

The organization has defined procedures for the safe disposal of laptops that are no longer required.

Connected other frameworks and requirements:
8.3.2: Disposal of media
ISO 27001
11.2.7: Secure disposal or re-use of equipment
ISO 27001
PR.DS-3: Asset management
NIST CSF
7.10: Storage media
ISO 27001
7.14: Secure disposal or re-use of equipment
ISO 27001

Personnel guidelines for safe disposal of paper data

Critical
High
Normal
Low

Papers containing sensitive information should be disposed of in an agreed manner, for example, using a shredder or by incineration.

Connected other frameworks and requirements:
8.3.2: Disposal of media
ISO 27001
I17: Salassa pidettävien tietojen jäljentäminen - Tulostus ja kopiointi
PR.DS-3: Asset management
NIST CSF
PR.IP-6: Data destruction
NIST CSF
A.11.7: Secure disposal of hardcopy materials
ISO 27018

Secure disposal of cloud service specific resources

Critical
High
Normal
Low

When offering cloud services, the organisation must have procedures in place for safe disposal or potential reuse of resources utilized in service providing, such as:

  • Equipment
  • Devices
  • Data storage
  • Files
  • Memory

When utilizing cloud services, the customer organisation should ensure secure disposal by requesting confirmation of these procedures from the cloud service provider.

Connected other frameworks and requirements:
PR.DS-3: Asset management
NIST CSF
11: Physical and environmental security
ISO 27017
11.2: Equipment
ISO 27017
11.2.7: Secure disposal or re-use of equipment
ISO 27017

Process for secure disposal of removable media containing confidential information

Critical
High
Normal
Low

Unnecessary media should be disposed of in a safe, industry-accepted manner (such as by incineration, shredding or wiping) in accordance with formal procedures. Media that requires safe disposal must be clearly marked.

Data destroyed in accordance with the process should not be recoverable, even by forensic means.

Connected other frameworks and requirements:
8.3.2: Disposal of media
ISO 27001
11.2.7: Secure disposal or re-use of equipment
ISO 27001
PR.DS-3: Asset management
NIST CSF
PR.IP-6: Data destruction
NIST CSF
A.11.7: Secure disposal of hardcopy materials
ISO 27018

Detailed rules for the management of removable media

Critical
High
Normal
Low

When removable media is an important part of an organisation's operations, more specific rules have been defined for securing removable media and the information they contain.

  • when a removable media is transferred outside the organization, it is impossible to restore its contents if the content is no longer needed;
  • the transfer of media from the organization required a permiossion and all transfers will be logged
  • removable media are protected by encryption when the confidentiality and integrity of the information is important
  • information on removable media is regularly passed on to unused media so that the media does not deteriorate and the data becomes unreadable before that time;
  • multiple copies of valuable data are stored on different media to reduce the risk of simultaneous data damage or loss
Connected other frameworks and requirements:
8.3.1: Management of removable media
ISO 27001
8.3.3: Physical media transfer
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
PR.DS-3: Asset management
NIST CSF
PR.PT-2: Removable media
NIST CSF
No items found.