T1.4.2 - DISPOSAL OF MEDIA Implementation Guidance
The entity shall dispose media when no longer needed.
Back to T1.4.2 - P2 - DISPOSAL OF MEDIA
Formal procedures for the secure disposal of media should be established to minimize the risk of confidential information leakage to unauthorized persons. The procedures for secure disposal of media containing confidential information should be corresponding with the sensitivity of that information.
The following items should be considered:
- A. Media containing confidential information should be stored and disposed of securely and safely, e.g. by incineration or shredding, or erased of data for use by another application within the entity
- B. Procedures should be in place to identify the items that might require secure disposal
- C. It may be easier to arrange for all media items to be collected and disposed of securely, rather than attempting to separate out the sensitive items
- D. Many entities offer collection and disposal services for media; care should be taken in selecting a suitable external party with adequate controls and experience
- E. Disposal of sensitive items should be logged where possible in order to maintain an audit trail
When accumulating media for disposal, consideration should be given to the aggregation effect, which may cause a large quantity of non-confidential information to become sensitive.
Back to T1.4.2 - P2 - DISPOSAL OF MEDIA
