Expert Advice Community

Disposal and Destruction Policy issue

  Quote
Created:   Sep 17, 2019 Last commented:   Sep 18, 2019

Disposal and Destruction Policy issue

Can I remove the need for registering the disposal or destruction of confidential material from my Disposal and Destruction Policy and still comply with ISO 27001 ?

 

Assign topic to the user

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

Expert
Rhand Leal Sep 18, 2019

If you do not have any unacceptable risk, legal or contractual requirement, or a management decision to register the disposal or destruction of confidential material you can remove this rule from your Disposal and Destruction Policy and still be compliant with ISO 27001.

These articles will provide you a further explanation about controls application and disposal of information:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- Secure equipment and media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2015/12/07/secure-equipmentand-media-disposal-according-to-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 17, 2019

Sep 18, 2019