ISO 27001 Annex : A.8.3 Media Handling
ISO 27001 Annex : A.8.3 Media Handling Its objective is to Stop unauthorized release, alteration, deletion, or destruction of information contained in the media.
A.8.3.1 Management of Removable Media
Control- Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization.
Implementation Guidance- The following guidelines should be considered for the management of removable media:
- If not needed, the contents of any reusable media that are to be removed from the organization should be made unrecoverable;
- Where applicable and practicable, authorization should be needed for the removal of media from the company and a record of these removals should be maintained in order to preserve the audit trail;
- In compliance with manufacturers’ standards, all media should be kept in a secure and safe environment;
- Where confidentiality or integrity of data is important, cryptographic techniques for securing data on removable media must be used;
- In order to minimize the possibility of media loss when storage data is still needed, the data should be moved to fresh media before being unreadable;
- Multiple copies of important data should be stored in different media to further reduce the possibility of accidental data damage or loss;
- Registration of removable media should be taken into account to limit the possibility of data loss;
- Removable media drives should only be allowed if there is a business purpose to do so;
- Where there is a requirement for the use of disposable media, the movement of data to such media will be supervised.
Where there is a need to use disposable media, the transition of data to such devices will be monitored. Procedures and levels of approval will be reported.
Related Product : ISO 27001 Lead Auditor Training And Certification ISMS
A.8.3.2 Disposal of Media
Control- When not required by specific protocols, media should be disposed of securely.
Implementation Guidance- Formal protocols for the secure disposal of media should be established to reduce the possibility of leakage of sensitive information to unauthorized persons. The protocols for the secure processing of sensitive information media should be proportionate to the sensitivity of that material.
Following should be taken into account:-
- Confidential media should be processed and disposed of safely through, e.g. by incineration or shredding, or data erasure for use by another application within an organization.
- Procedures should be in place to identify the items that could need safe disposal
- Instead of trying to isolate important objects, it could be better to plan to safely collect and dispose of all media items;
- Many organizations offer media collection and disposal services; care must be taken to select a suitable external party with adequate controls and experience;
- In order to maintain an audit trail, the disposal of confidential items will be logged.
The aggregation effect should be taken into account when collecting media for disposal, and a large number of sensitive information can become vulnerable.
For a healthy business, identifying the assets, making an inventory of the assets, and then secure disposal. At Infosavvy we have our trainers as our assets who are skilled and well-trained in various courses in the field of information security and we are also eligible for one of the most important certificates in the area of information security. i.e. IRCA CQI ISO 27001:2013 Lead Auditor (LA) and ISO 27001 Lead Implementer (LI) (TĂśV SĂśD Certification) . Our trainers can empower you to do better asset management by providing you with in-depth information and numerous examples for the same, helping the applicant to improve their skills and do well.
Other Information- Damaged devices containing sensitive data can require a risk assessment to evaluate the physical loss of objects instead of being sent to them for repair or discharge.
A.8.3.3 Physical Media Transfer
Control- Information media should be protected from unauthorized access, misuse or corruption during transportation.
Implementation Guidance- For the safety of media containing information transported, the following guidelines should be considered:
- Reliable transport or the use of couriers;
- Management should agree on a list of authorized couriers;
- procedures should be established for verifying courier identification;
- Packaging should probably be sufficient to safeguard the content from any physical damage likely to occur during transit and to protect the content against environmental factors such as exposure to heat, humidity, or electromagnetic fields which could reduce media recovering efficiency.
- Logs should be maintained, the content of the media should be established, the security applied, and times of transfer to custodians and reception should be reported at the destination.
--------------------------------------------------------------------------------------------------------------------------
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com
Comments
Post a Comment