5 practical tips for media disposal according to ISO 27001

Today, media devices are less common than they were some years ago, because the current trend is the cloud, although there are still a lot of people using pen drives, external hard drives, etc. And, of course, all the information in the cloud is ultimately stored on a server, i.e., its hard disk, which is also a media device. As you will see later in the article, media devices need to be disposed of securely.

ISO 27001 is an international standard for the protection of information, and we will see how this standard can help us with the disposal of media devices.

First, let’s identify what media we need to take care of, as well as why and how we can securely dispose of them.

What are media?

Taking into consideration that, in ISO 27001, the most important thing is the information, we need to take care of the media that we are using to store the information. But, what do I mean by “media”?

Generally, in this context, a medium is a device that is used for storing information, so media would include hard drives, USB pen drives, external hard drives, CDs, DVDs, etc.

Confidential information

A lot of companies have a method for the classification of their information, because not all media have the same information, and not all of the information has the same value for the business. For example, there is a big difference between a USB pen drive containing a PDF file with a presentation of the business (which can be considered as public information), and a USB pen drive containing the company’s database of clients (which can be considered as confidential).

So, we need to classify the information, and in Annex A of ISO 27001 we have the control A.8.2. (Read more...)