SB.6.003 Remote Wipe of Organizational Data
It is possible for organisational data to be deleted from devices remotely by a device management system, if they actively make a connection or based on an interval without any connection.
Encrypted data to which the keys are made unrecoverable complies with this standard.
Deletion of data follows NIST Guidelines for Media Sanitization for the level ‘Clear’ or higher: https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final
The recommended period to wipe data after devices have not made a connection should be set taking into account common use-cases, such as employees who regularly spend longer periods without a connection. Employees should be made aware of these restrictions on managed devices on a regular basis.