National Security Scheme (ENS)

Erasure and Destruction Requirements [mp.si.5]

Point 5.5.5 of the ENS, labeled [mp.si.5], specifies the requirements for the secure erasure and destruction of information, in order to prevent the recovery or reconstruction of sensitive data once it has been decided its elimination. This process is essential to ensure that personal data and sensitive information are not accessible once they are no longer needed.

Secure Erase Implementation

To comply with the ENS, entities must adopt erasure methods that ensure the definitive deletion of data. This includes:

• Use specialized software that meets recognized standards for secure data erasure.
• Apply physical destruction techniques to storage media that will be discarded, ensuring that they cannot be reconstructed or reused.

Verification and Documentation

It is essential that organizations implement procedures to verify that data erasure and destruction have been carried out correctly. Additionally, they must maintain detailed documentation of the deletion process, including the methods used and confirmation that the data has indeed been deleted.

Compliance and Audit

Adhering to this requirement not only protects sensitive information but also ensures compliance with data protection regulations. Entities must be prepared to demonstrate, in the event of an audit, that they have implemented secure data erasure practices in accordance to the standards established by the ENS.

Related Blancco Products

Blancco Drive Eraser Blancco File Eraser

Other Secure Erasure Compliance Guides

• ISO 27001: : Information Security Management System
• ISO/IEC 27040:2015: Information Storage Security
• General Data Protection Regulation (GDPR)
• National Institute of Standards and Technology (NIST 800-88)
• Payment Card Industry Data Security Standard (PCI DSS)