Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » ISO 27001 » ISO 27001 Data Destruction

ISO 27001 Data Destruction

ISO 27001 Data Destruction is an integral component of the overall framework that deals with data management when disposing of your organization’s sensitive and personal data.

The standard specifies that the data you collect should be erased when it is no longer serving its purpose and should never be recovered. Here is what goes into the destruction of physical documentation in ISO 27001:

  • Shredding  – Destruction of physical documents with the help of industrial shredders
  • Pulverization – Reducing physical data to tiny particles with the help of  (used for CDs, hard drives, flash drives), etc
  • Degaussing – Erasing data from physical media with the help of powerful magnet fields like tapes, hard drives, etc 

Destruction of digital data –

  • Secure erasure – Covering data with multiple random patterns so that it cannot be retrieved
  • Data wiping software – Using special software for clearing data on computing and storage devices
  • Cryptographic erasure – encrypting data and disposing of the decryption keys

The data destruction process includes sorting out the irrelevant information in terms of sensitivity and destroying it accordingly to ensure it is out of reach.

This ensures that these types of sensitive information do not fall into the wrong hands and evade data leaks, data breaches, or any misuse of personal data that could lead to reputation damage, financial losses, etc.

Therefore, having a proper data destruction practice in your organization can help protect customer privacy and maintain a strong security front.

Additional reading

NIST CSF 2.0

NIST CSF 2.0: Everything You Need to Know

The NIST CSF 2.0 has received its long-awaited update six years after the previous version. With generative AI and other threats becoming more rampant, the US government has required implementing a framework that better addresses cybersecurity challenges for the private sector. The update has unveiled some meaningful changes and has received positive reactions from the…
Cybersecurity posture

Why Should Companies Invest in Growing Their Cybersecurity Posture?

Cybercrime is predicted to cost the world a whopping $10.5 trillion annually by 2025, warns Forbes in their latest article.  With diverse and increasingly terrifying cybersecurity challenges in the offing, organizations must invest in protecting their businesses from falling prey to the evolving tactics used by fraudsters.  If you are still undecided or don’t think…
HIPAA Compliant Email

How to Send HIPAA Compliant Email? An Ultimate Guide

Imagine this. You have built HIPAA-compliant software, trained your staff, and have a dedicated HIPAA compliance officer to oversee your compliance requirements.  But you can still get pulled up by the Office of Civil Rights (OCR) if your email isn’t HIPAA compliant! Is your email HIPAA compliant? This is what we are going to discuss…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.