Secure destruction of confidential and sensitive material - Code of practice

This document provides recommendations and requirements for the procedures, processes and performance monitoring to be implemented for the management and control of the physical destruction of confidential and sensitive material to ensure that such material is disposed of securely and safely. This document can be referenced by anyone who processes such material on behalf of others and covers the following scenarios: - on site - using mobile equipment at the location of use (destruction equipment is brought to the confidential or sensitive material); - off site - transport followed by destruction using equipment at a destruction facility (the confidential or sensitive material is brought to the destruction equipment, such as used at a dedicated external facility operated by a service provider); - use of equipment at the Data Controller’s location (confidential or sensitive material and destruction equipment co-located, such as a shredder in a building occupied by a client or clients). Destruction by erasure (e.g. crypto erasure, data overwriting, degaussing or other forms of magnetic/electronic erasure) is not covered in this document.
ΚΩΔΙΚΟΣ ΠΡΟΪΟΝΤΟΣ: CYS EN 15713:2023
€97.00
This document provides recommendations and requirements for the procedures, processes and performance monitoring to be implemented for the management and control of the physical destruction of confidential and sensitive material to ensure that such material is disposed of securely and safely. This document can be referenced by anyone who processes such material on behalf of others and covers the following scenarios: - on site - using mobile equipment at the location of use (destruction equipment is brought to the confidential or sensitive material); - off site - transport followed by destruction using equipment at a destruction facility (the confidential or sensitive material is brought to the destruction equipment, such as used at a dedicated external facility operated by a service provider); - use of equipment at the Data Controller’s location (confidential or sensitive material and destruction equipment co-located, such as a shredder in a building occupied by a client or clients). Destruction by erasure (e.g. crypto erasure, data overwriting, degaussing or other forms of magnetic/electronic erasure) is not covered in this document.