Safe disposal of laptops

The organization has defined procedures for the safe disposal of laptops that are no longer required.

Connected other frameworks and requirements:
8.3.2: Disposal of media
ISO 27001
11.2.7: Secure disposal or re-use of equipment
ISO 27001
PR.DS-3: Asset management
NIST CSF
7.10: Storage media
ISO 27001
7.14: Secure disposal or re-use of equipment
ISO 27001

Personnel guidelines for safe disposal of paper data

Papers containing sensitive information should be disposed of in an agreed manner, for example, using a shredder or by incineration.

Connected other frameworks and requirements:
8.3.2: Disposal of media
ISO 27001
I17: Reproduction of confidential information - Printing and copying
PR.DS-3: Asset management
NIST CSF
PR.IP-6: Data destruction
NIST CSF
A.11.7: Secure disposal of hardcopy materials
ISO 27018

Secure disposal of cloud service specific resources

When offering cloud services, the organisation must have procedures in place for the safe disposal or potential reuse of resources used in providing the service, such as:

  • Equipment
  • Devices
  • Data storage
  • Files
  • Memory

When utilizing cloud services, the customer organisation should ensure secure disposal by requesting confirmation of these procedures from the cloud service provider.

Connected other frameworks and requirements:
11: Physical and environmental security
ISO 27017
11.2: Equipment
ISO 27017
11.2.7: Secure disposal or re-use of equipment
ISO 27017
PR.DS-3: Asset management
NIST CSF

Process for secure disposal of removable media containing confidential information

Unnecessary media should be disposed of in a safe, industry-accepted manner (such as by incineration, shredding or wiping) in accordance with formal procedures. Media that requires safe disposal must be clearly marked.

Data destroyed in accordance with the process should not be recoverable, even by forensic means.

Connected other frameworks and requirements:
8.3.2: Disposal of media
ISO 27001
11.2.7: Secure disposal or re-use of equipment
ISO 27001
PR.DS-3: Asset management
NIST CSF
PR.IP-6: Data destruction
NIST CSF
A.11.7: Secure disposal of hardcopy materials
ISO 27018

Detailed rules for the management of removable media

When removable media is an important part of an organisation's operations, more specific rules have been defined for securing removable media and the information it contains:

  • when removable media is transferred outside the organization, its contents are made impossible to restore if they are no longer needed;
  • the transfer of media out of the organization requires permission, and all transfers are logged;
  • removable media is protected by encryption when the confidentiality and integrity of the information is important;
  • information on removable media is regularly transferred to unused media, so that the media does not deteriorate and leave the data unreadable while it is still needed;
  • multiple copies of valuable data are stored on different media to reduce the risk of simultaneous data damage or loss.

Connected other frameworks and requirements:
8.3.1: Management of removable media
ISO 27001
8.3.3: Physical media transfer
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
PR.DS-3: Asset management
NIST CSF
PR.PT-2: Removable media
NIST CSF