IT Assets Disposal/ Write-Off
First of all, congratulations on your company’s achievement.
Regarding the IT assets disposal, you need to evidence that the applied data deletion method has made the previously stored information unrecoverable and that its application was verified and approved by the data owner.
For example, for a laptop, you can perform full disk encryption two or three times in a row, and each time encryption is performed you must destroy the related encryption key.
As proof for auditors you can develop a "Destruction/Deletion Record" containing the information about the asset, the deletion method applied, the date when the procedure was performed, and the signature of the person responsible for the deleted data, as a confirmation that the procedure was successful.
For technical guidance, you should consider these references:
- ISO/IEC 27040 Information technology — Security techniques — Storage security - https://www.iso.org/obp/ui/#iso:std:iso-iec:27040:ed-1:v1:en
- NIST 800-88 - Guidelines for Media Sanitization https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final
Aug 31, 2021