Security & Compliance
< Back to Article ListIS-03 Disposal and Destruction Policy
Last updated: 24 October 2024 at 11:36:44 UTC by Russell Briggs
Disposal and Destruction Policy
Document Ref No |
IS-03 |
Version No |
V1 |
Last review date |
14/10/2021 |
Approved by |
Dom Tyler |
Next review |
14/10/2022 |
Contents
1.Purpose, scope and users 3
2.Disposal and destruction of equipment and media 3
2.1.Computer Equipment 3
2.2.Mobile storage media 3
2.3.Paper media 3
2.4.Erasure and destruction records; commission for the destruction of information 3
3.Document management 4
4.Version history 4
1. Purpose, scope and users
The purpose of this document is to ensure that information stored on equipment and media (whether digital or paper format) is safely destroyed or erased.
This document is applied to the entire Information Security Management System (ISMS) scope, i.e. to all the information and communication technology as well as to the documentation within the scope.
Users of this document are all employees of Recycly.
2. Disposal and destruction of equipment and media
All data and licensed software stored on local hardware, Google Drive and other must be erased or the medium destroyed before it is disposed of or reused.
2.1. Computer Equipment
The IT department is responsible for checking and erasing data from equipment unless the Information Classification Policy prescribes differently. Data must be erased using a recognised standard, for example NCSC certified products.
If the process is not secure enough considering the sensitivity of the data, then the storage medium must be destroyed.
2.2. Mobile storage media
Mobile storage media (i.e. USB) are blocked via JumpCloud, therefore mobile storage is not possible.
In the unlikely event that mobile storage is used, users are responsible for erasing data from mobile storage media, unless the Information Classification Policy prescribes differently.
If the erasure process is not secure enough considering the sensitivity of the data, then the storage medium must be destroyed.
2.3. Paper media
Employees of the organisation handling individual documents are responsible for destroying paper documents, unless the Information Classification Policy prescribes differently. Paper documents with a classification other than PUBLIC should be destroyed in paper shredders or confidential waste bins where available.
2.4. Erasure and destruction records; commission for the destruction of information
Records of erasure/destruction must be kept for all data classified as "Confidential." Records must include the following information: information about the media, date of erasure/destruction, method of erasure/destruction, person who carried out the process.
3. Document management
This policy shall be available to all Recycly Employees and any Third Parties where required. The policy must be reviewed and, if necessary, updated at least once a year. Notice of significant revisions shall be provided to Recycly Employees via email.
4. Version history
Summary of Change |
Date of Change |
Author |
Version No |
First Draft |
14/10/2021 |
Dom Tyler |
1 |
|
|
|
|
|
|
|
|