Can I remove the need for registering the disposal or destruction of confidential material from my Disposal and Destruction Policy and still comply with ISO 27001?
If you do not have any unacceptable risk, legal or contractual requirement, or a management decision to register the disposal or destruction of confidential material, you can remove this rule from your Disposal and Destruction Policy and still be compliant with ISO 27001.
These articles will provide you with further explanation about the application of controls and the disposal of information:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- Secure equipment and media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2015/12/07/secure-equipmentand-media-disposal-according-to-iso-27001/
Sep 18, 2019