The organization has defined procedures for the safe disposal of laptops that are no longer required.
Papers containing sensitive information should be disposed of in an agreed manner, for example, using a shredder or by incineration.
When offering cloud services, the organisation must have procedures in place for safe disposal or potential reuse of resources utilized in service providing, such as:
When utilizing cloud services, the customer organisation should ensure secure disposal by requesting confirmation of these procedures from the cloud service provider.
Unnecessary media should be disposed of in a safe, industry-accepted manner (such as by incineration, shredding or wiping) in accordance with formal procedures. Media that requires safe disposal must be clearly marked.
Data destroyed in accordance with the process should not be recoverable, even by forensic means.
The organization should define policies, processes or technical measures to handle the loss, misuse, damaging and theft of organizational assets. These could include the following:
When removable media is an important part of an organisation's operations, more specific rules have been defined for securing removable media and the information they contain.