Disposal and Destruction Policy

Contents

1.      Purpose, scope and users                                                                                                               3

2.      Disposal and destruction of equipment and media                                                                 3

2.1.       Computer Equipment                                                                                                                3

2.2.       Mobile storage media                                                                                                               3

2.3.       Paper media                                                                                                                                  3

2.4.       Erasure and destruction records; commission for the destruction of information                                                                                                                                               3

3.      Document management                                                                                                                     4

4.      Version history                                                                                                                                        4

1.    Purpose, scope and users

The purpose of this document is to ensure that information stored on equipment and media (whether digital or paper format) is safely destroyed or erased.

This document is applied to the entire Information Security Management System (ISMS) scope, i.e. to all the information and communication technology as well as to the documentation within the scope.

Users of this document are all employees of Accellier.

2.    Disposal and destruction of equipment and media

All data and licensed software stored on local hardware, Google Drive and other must be erased or the medium destroyed before it is disposed of or reused. 

2.1.         Computer Equipment

The IT department is responsible for checking and erasing data from equipment unless the Information Classification Policy prescribes differently. Data must be erased using a recognised standard, for example NCSC certified products.

If the process is not secure enough considering the sensitivity of the data, then the storage medium must be destroyed.

2.2.         Mobile storage media

Mobile storage media (i.e. USB) are blocked via JumpCloud, therefore mobile storage is not possible.

In the unlikely event that mobile storage is used, users are responsible for erasing data from mobile storage media, unless the Information Classification Policy prescribes differently.

If the erasure process is not secure enough considering the sensitivity of the data, then the storage medium must be destroyed.

2.3.         Paper media

Employees of the organisation handling individual documents are responsible for destroying paper documents, unless the Information Classification Policy prescribes differently. Paper documents with a classification other than PUBLIC should be destroyed in paper shredders or confidential waste bins where available.

2.4.         Erasure and destruction records; commission for the destruction of information

Records of erasure/destruction must be kept for all data classified as "Confidential."  Records must include the following information: information about the media, date of erasure/destruction, method of erasure/destruction, person who carried out the process.

3.    Document management

This policy shall be available to all Accellier Employees and any Third Parties where required. The policy must be reviewed and, if necessary, updated at least once a year. Notice of significant revisions shall be provided to Accellier Employees via email.

4.    Version history