Secure Data Erasure according to ISO 27001

ISO 27001 is an international framework that sets out the requirements for an information security management system (ISMS), helping organizations protect information effectively by adopting a risk management process.
Access Controls and Removable Media Management
Control A.11.2: Access Management
- Definition and Scope: This control focuses on ensuring that access to information and information processing facilities is granted only to authorized users. The standard requires secure and controlled access management, covering the registration, authorization and administration of user access rights to systems and services.
- Implementation: Organizations must establish, document and review access management procedures. This includes assigning access rights in accordance with the organization's access control policy and ensuring that these rights are granted only after appropriate authorization.
Control A.11.2.7: Removable Media Management
- Definition and Scope: This control deals specifically with the management of removable media. It requires organizations to implement procedures for the handling and use of removable media, such as USB drives, external hard drives and DVDs, in a secure manner. This is crucial to prevent the loss, theft or damage of information stored on these media.
- Implementation: Policies and procedures must be established to control the authorization and use of removable media. This includes measures for secure erasure of data on removable media before their disposal or reuse, ensuring that sensitive information cannot be recovered by unauthorized users.
Verification and Documentation
ISO 27001 places great emphasis on adequate documentation of the policies, procedures and controls implemented by the organization. This includes documenting the access management process and the use of removable media to ensure that information security practices are followed.
It is essential to carry out periodic reviews and verifications of access rights and removable media management policies to ensure their effectiveness and conformity with ISMS requirements. This may include internal audits and security reviews that evaluate how the established controls have been implemented and whether they are being complied with.
Compliance and Auditing
Internal and External Audits
ISO 27001 requires organizations to conduct regular internal audits to evaluate the effectiveness of the ISMS and specific controls such as A.11.2 and A.11.2.7. In addition, external audits, conducted by certified auditors, are crucial for the certification and maintenance of the ISMS under ISO 27001.
Demonstration of Compliance
Detailed documentation and verification records serve as evidence during audits to demonstrate the organization's compliance with ISO 27001. This includes evidence of adequate access management and security in the use of removable media, as well as the actions taken to correct any identified non-conformity.
Importance of Continuous Improvement
The ISO 27001 standard focuses not only on current compliance but also on the continuous improvement of the ISMS. Audits and periodic reviews are opportunities to identify areas for improvement and to apply corrective actions that further strengthen information security.