• 0 Posts
  • 1 Comment
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle
  • It certainly is. ISO 27001 is a framework, not very prescriptive at all. Basically an auditor will ask “how do you ensure data isn’t leaving your facility in the form of discarded hardware?” If you say “here’s a link to our media destruction policy. It says all drives are wiped according to NIST 800-88 cryptographic erasure. If that is not possible or not applicable, the drive is destroyed. Here’s our log of decomissioned equipment” chances are very good they’ll say “OK great let’s move on to the next one” with only minor followup questions.