Today, media-devices are less normal than they were a few years prior, on the grounds that the present pattern is the cloud, despite the fact that there are still many individuals utilizing pen drives, outer hard drives, and so on. What’s more, obviously, all the data in the cloud is eventually put away on a server, i.e., its hard circle, which is likewise a media gadget. As you will see later in the article, media gadgets should be discarded safely.
ISO 27001 Certification is a worldwide standard for the assurance of data, and we will perceive how this standard can assist us with the transfer of media devices.
Initially, how about we recognize what media we have to deal with, just as why and how we can safely discard them.
What are media?
Thinking about that, in ISO 27001 Certification, the most significant thing is the data, we have to deal with the media that we are utilizing to store the data. Be that as it may, I’m not catching my meaning by “media”?
For the most part, in this unique situation, a medium is a gadget that is utilized for putting away data, so media would incorporate hard drives, USB pen drives, outside hard drives, CDs, DVDs, and so on.
A great deal of organizations have a technique for the arrangement of their information, in light of the fact that not all media have a similar information, and not the majority of the information has a similar incentive for the business. For instance, there is a major contrast between a USB pen drive containing a PDF record with an introduction of the business (which can be considered as open data), and a USB pen drive containing the organization’s database of customers (which can be considered as private).
Along these lines, we have to characterize the data, and in Annex An of ISO 27001 Certification we have the control A.8.2.1 Classification of data, which can help us for this reason. You can discover more data about this here: Information order as indicated by ISO 27001 Certification.
Clearly, if the data is open, we can share it in the open space, on the grounds that there isn’t a danger of secret data spillage.
Yet, on the off chance that the information isn’t open (classified, limited, interior, and so forth.), we have to store and discard it in a safe manner, since it can convey a danger of private data spillage, which can annihilate the business, just as indicating rebelliousness with legitimate guidelines (like the GDPR).
5-tips for disposing of media
In the event that you have a media gadget putting away information classified (or some other basic level for the business), as we have seen already, there are dangers identified with it. Fortunately you can deal with this hazard, utilizing a hazard evaluation and treatment technique. This article may enthusiasm for you.
We should see a simple model about how to treat this hazard. You have a benefit, which is, for instance, a hard drive containing classified data about the business. This hard drive was introduced on a data framework (a server), however you chose to move data to another data framework, e.g., to another server or to the cloud. This unique hard drive will be utilized for another reason and, subsequent to replicating all information, you have to deal with the first data, which ought not be gotten to by unapproved individuals.
For the treatment of this hazard, you can lessen it by actualizing ISO 27001 Certification control A.8.3.2 Disposal of media security control, and here are some basic approaches to execute this security control:
- Physically devastate the media. You can do this, for instance, by cremation or destroying, and so on. This physical devastation is additionally relevant to harmed gadgets. Be that as it may, be cautious, in light of the fact that a harmed media gadget can likewise have delicate data that could be reestablished, so to stay away from this, you ought to obliterate it physically.
- Securely erase the information. There are programming apparatuses that you can use to overwrite the data, or to erase it in a protected manner.
- Select an outer gathering. There are many number of organizations giving the administration of demolition of your media, however here you have to take care with the determination of the supplier by characterizing a non-divulgence agreement.
- Avoid the total impact. It is better on the off chance that you abstain from having a great deal of media containing non-delicate data, since something inside the gathering could become sensitive information.
- Register the transfer: Registering the transfer furnishes you with valuable data for review trails (what media has been decimated, or what media is reusable, and so on.).
My preferred method
I have left the best for the end, since now you know the basic ways for the transfer of media, however now I will enlighten you concerning my preferred strategy.
As Lead Auditor, I have evaluated a great deal of organizations around the globe, and I have seen organizations erasing data and discarding data utilizing private programming arrangements, which, sometimes, are costly. In different cases, a few organizations are choosing outer suppliers that are specialists in the administration of transfer, yet this likewise has an expense.
My preferred method is easy and free:
- Encrypt the whole hard plate, utilizing a solid calculation and utilizing an extensive secret word.
- Delete all the information in a secure way, using software solutions (there are a lot of free solutions).
- Delete all the data in a protected manner, utilizing programming arrangements (there are a great deal of free arrangements).
- Physically destroy the media device (incineration or shredding, etc.).
In reality, this method would only be applicable to the most critical and sensitive data, and for data with less criticality, only one of these methods will be enough.
Keep calm and sleep well
In the event that you play out these means sufficiently, it is difficult to recoup the data – so you can try to avoid panicking and sleep well.
ISO 27001 Certification can be a decent apparatus for the safe transfer of media containing secret data, since it can enable you to distinguish the dangers, treat them, and execute security controls to discard the media in a protected manner. Along these lines, in the event that you need to try to avoid panicking, use ISO 27001 Certification as an instrument, and recollect my favored technique for the transfer!
Read Related Blog –