Guest
Information/data retention and destruction policy
I currently need to create information retention and destruction policy and was hoping you might have a template and/or examples we could use.
We purchased your ISO27001 documentation package a couple of years ago and have implemented (but not certified) using those docs. I went through the ones we didn’t use and the only one that appeared to be possibly appropriate was A.11.2. Any guidance would be appreciated.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Rhand Leal
Aug 12, 2021
Template A.11.2 - Disposal and Destruction Policy is the template to be used to define a retention and destruction policy.
This article will provide you a further explanation about information disposal:
- 5 practical tips for media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2018/10/22/5-practical-tips-for-media-disposal-according-to-iso-27001/
This material will also help you regarding information disposal:
- NIST Special Publication 800-88, Revision 1: Guidelines for Media Sanitization https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
Comment as guest or Sign in
Aug 12, 2021
Aug 12, 2021
Aug 12, 2021