Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » ISO 27001 » ISO 27001 Data Destruction

ISO 27001 Data Destruction

ISO 27001 Data Destruction is an integral component of the overall framework that deals with data management when disposing of your organization’s sensitive and personal data.

The standard specifies that the data you collect should be erased when it is no longer serving its purpose and should never be recovered. Here is what goes into the destruction of physical documentation in ISO 27001:

  • Shredding  – Destruction of physical documents with the help of industrial shredders
  • Pulverization – Reducing physical data to tiny particles with the help of  (used for CDs, hard drives, flash drives), etc
  • Degaussing – Erasing data from physical media with the help of powerful magnet fields like tapes, hard drives, etc 

Destruction of digital data –

  • Secure erasure – Covering data with multiple random patterns so that it cannot be retrieved
  • Data wiping software – Using special software for clearing data on computing and storage devices
  • Cryptographic erasure – encrypting data and disposing of the decryption keys

The data destruction process includes sorting out the irrelevant information in terms of sensitivity and destroying it accordingly to ensure it is out of reach.

This ensures that these types of sensitive information do not fall into the wrong hands and evade data leaks, data breaches, or any misuse of personal data that could lead to reputation damage, financial losses, etc.

Therefore, having a proper data destruction practice in your organization can help protect customer privacy and maintain a strong security front.

Also, read more about ISO 27001 Compliance

Additional reading

SIEM use cases

SIEM use cases: How to bulletproof your business? 

A Gartner report indicates that the primary driver for organizations implementing or upgrading Security Information and Event Management (SIEM) systems is the need for rapid detection of data breaches and targeted attacks. Modern SIEM systems can collect and process massive amounts of information regarding log data generated within organizations’ IT environments. This enables them to…
Penalties for HIPAA Non-Compliance

Understanding Penalties for HIPAA Non-Compliance: A Comprehensive Guide

HIPAA compliance penalties can range from monetary penalties to civil lawsuits to criminal charges. The monetary penalties range from $127 to $250,000 depending on the nature of the HIPAA violation. The HIPAA law enforces penalties on organizations processing PHI when instances of non-compliance are discovered. In this article, we talk about the types of penalties…
iso 27001 2013

ISO 27001:2013 – A Guide to Information Security Management

In response to growing security concerns and breaches, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) published ISO 27001 in 2005.  It was revised in 2013 to keep the document to sync with global changes in technology and processes, and most recently in 2022. The 2013 version is not significantly different…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.