CyberFundamentals (Belgium)
PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition.

How to fill the requirement

Safe disposal of laptops
Theme: Remote work and mobile devices
Policy: Mobile device management

This task also fulfills these other security requirements:

  • 8.3.2: Disposal of media (ISO27 Full)
  • 11.2.7: Secure disposal or re-use of equipment (ISO27 Full)
  • PR.DS-3: Asset management (NIST)
  • TEK-21: Destruction of data in electronic form (Julkri)
  • 7.10: Storage media (ISO27k1 Full)

1. Task description

The organization has defined procedures for the safe disposal of laptops that are no longer required.

Personnel guidelines for safe disposal of paper data
Theme: Physical security
Policy: Non-electronic data and copies

This task also fulfills these other security requirements:

  • I17: Reproduction of classified information - Printing and copying (Katakri)
  • 8.3.2: Disposal of media (ISO27 Full)
  • 6.6.4: Security of physical premises, devices and printouts (Self-monitoring)
  • A.11.7: Secure disposal of hardcopy materials (ISO 27018)
  • PR.DS-3: Asset management (NIST)

1. Task description

Papers containing sensitive information should be disposed of in an agreed manner, for example, using a shredder or by incineration.

Secure disposal of cloud service specific resources
Theme: Development and cloud
Policy: Cloud service management

This task also fulfills these other security requirements:

  • 11: Physical and environmental security (ISO 27017)
  • 11.2: Equipment (ISO 27017)
  • 11.2.7: Secure disposal or re-use of equipment (ISO 27017)
  • PR.DS-3: Asset management (NIST)
  • PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition. (CyFun)

1. Task description

When offering cloud services, the organisation must have procedures in place for the safe disposal or potential reuse of resources used in providing the service, such as:

  • Equipment
  • Devices
  • Data storage
  • Files
  • Memory

When utilizing cloud services, the customer organisation should ensure secure disposal by requesting confirmation of these procedures from the cloud service provider.

Process for secure disposal of removable media containing confidential information
Theme: Management of data sets
Policy: Removable media

This task also fulfills these other security requirements:

  • 8.3.2: Disposal of media (ISO27 Full)
  • A.11.7: Secure disposal of hardcopy materials (ISO 27018)
  • 11.2.7: Secure disposal or re-use of equipment (ISO27 Full)
  • PR.DS-3: Asset management (NIST)
  • PR.IP-6: Data destruction (NIST)

1. Task description

Unnecessary media should be disposed of in a safe, industry-accepted manner (such as by incineration, shredding or wiping) in accordance with formal procedures. Media that requires safe disposal must be clearly marked.

Data destroyed in accordance with the process should not be recoverable, even by forensic means.

Handling the loss, misuse, damage and theft of assets
Theme: Physical security
Policy: Equipment maintenance and safety

This task also fulfills these other security requirements:

  • PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition. (CyFun)

1. Task description

The organization should define policies, processes or technical measures to handle the loss, misuse, damage and theft of organizational assets. These could include the following:

  • Reporting process
  • Guidelines and manuals
  • Asset and inventory tracking
  • Insurance
  • Regular audits
  • Access control
  • Device hardening
  • Training and awareness programs
  • Mobile device management
  • Data encryption and protection
  • Physical security

Detailed rules for the management of removable media
Theme: Management of data sets
Policy: Removable media

This task also fulfills these other security requirements:

  • 8.3.1: Management of removable media (ISO27 Full)
  • 8.3.3: Physical media transfer (ISO27 Full)
  • A.11.4: Protecting data on storage media leaving the premises (ISO 27018)
  • 13.2.1: Information transfer policies and procedures (ISO27 Full)
  • 13: Communications security (ISO 27018)

1. Task description

When removable media is an important part of an organisation's operations, more specific rules have been defined for securing removable media and the information it contains:

  • when removable media is transferred outside the organization and its contents are no longer needed, the contents are made impossible to restore;
  • the transfer of media out of the organization requires permission, and all transfers are logged;
  • removable media is protected by encryption when the confidentiality and integrity of the information is important;
  • information on removable media is regularly transferred to unused media before the original media deteriorates and the data becomes unreadable;
  • multiple copies of valuable data are stored on different media to reduce the risk of simultaneous data damage or loss.