Sprinto Dashboard

Media Disposal Policy

1 Objective

Secure disposal of electronic and physical media adds a layer of protection to prevent critical data from being exposed to unauthorized individuals. This policy aims to mitigate the risk of unauthorized data recovery. It demonstrates to customers, <Company Name> staff, and other partners that <Company Name> protects their data even after it has fulfilled its purpose.

2 Scope

This policy applies to all <Company Name> issued devices or equipment that process, store, transmit, or serve as an access point for any critical data. Specifically, it applies to company-issued laptops/workstations that are being permanently decommissioned.

3 Policy Statement

To securely dispose of company-issued laptops/workstations, the following steps can be followed:

  • Encrypt the entire hard disk using a robust algorithm and a lengthy password.

  • Securely delete all information by using software solutions.

  • Physically destroy the device through methods such as incineration or shredding.

  • It is recommended to use all three methods for extremely critical and sensitive data.

  • For data with lower levels of criticality, one of these methods is sufficient.

4 Document Security Classification

Company Internal (please refer to the Data Classification policy for more details).

5 Non-Compliance

Compliance with this policy shall be verified through various methods, including but not limited to automated reporting, audits, and feedback to the policy owner. Any staff member found to be in violation of this policy may be subject to disciplinary action, up to and including termination of employment or contractual agreement. The disciplinary action shall depend on the extent, intent, and repercussions of the specific violation.

6 Responsibilities

The Information Security Officer is responsible for approving and reviewing policy and related procedures. Supporting functions, departments, and staff members shall be responsible for implementing the relevant sections of the policy in their area of operation.

7 Schedule

This document shall be reviewed annually and whenever significant changes occur within the organization.

PreviousInformation Security PolicyNextVendor Management Policy

Last updated