I've purchased toolkit for ISO 27001 and right now I am going through various documents.
- As far as I understand the offer, the package includes unlimited questions via email, right?
- I am looking for areas regarding data retention and requirements from ISO 27001 standards. Does ISO 27001 require a definition of "data retention"? I haven't found any control about it nor template in the toolkit.
- Does ISO 27001 require to keep "Records of erasure"?
- Does "Records of erasure" are applicable in case of offboarding or also as part of retention of data? Offboarding employee = Termination of Contract with Employee. That means that as part of the offboarding checklist the access is removed and his laptop is "erased" for reuse by another person. With my understanding, that provides enough evidence that device/laptop/asset has been erased and satisfy A.11.2. Is it the right understanding?