Controls

Terug naar overzicht
Version

SB.6.008 Organizational Data Deletion

Data Protection
Low
nvt
nvt
System Owner
v2.0 (Q1 2024)

Description

After the retention period or when the data medium is decommissioned, lost or repurposed, organisation data is deleted.

End users receive sufficient warning before data is deleted.

Specification

Deletion of data takes place according to NIST Guidelines for Media Sanitization: https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final, depending on the sensitivity of the data:

  1. Low / 1. Medium: level Clear or higher
  2. High: Purge or higher

Purging of sensitive data mediums is done by a trusted supplier. Certificates of destruction must be available for the destruction of highly sensitive data.

Destruction of encryption keys is considered equivalent to data purging.