A Secure Destruction Checklist
With the General Data Protection Regulation (GDPR) in full swing, it is important to review and update the secure destruction process in place within your organisation. It’s not just unwanted paper files that need to be securely destroyed, but also any IT/media including hard drives, USB sticks, laptops, tablets, mobile phones, CDs and data tapes. It is vital that your secure destruction process poses no risk to your firm’s reputation.
ADDS has compiled a list of questions that anyone wanting to become a secure destruction advocate should ask themselves:
- Do you regularly inspect desk bins to make sure there is no paperwork with any form of data on it being placed in normal bins?
- Do you inspect paper recycling bins to ensure that these bins aren’t being used to dump sensitive information?
- If you have an in-house shredder, is there a set process and policy that makes sure not only that the shredded paper is checked afterwards (it must be unrecognisable), but also that high health and safety levels are maintained at all times?
- Is using the shredder listed on the new team induction tick-list to make sure everyone is fully trained?
- Do you regularly have refresher training on data breaches and how to prevent them?
- Do these refresher courses include the whole firm?
- Do these refresher courses include your secure destruction process and training?
- If you outsource your shredding, are you provided with a secure destruction certificate as evidence it has been shredded?
- Is the service provider you use audited against a standard such as ISO 27001?
- Are you using onsite, locked secure destruction bins or sacks provided by your supplier?
- Do all members of the team know how to securely seal a sack before it is sent offsite?
- Is there a clear process in place when an employee wants to destroy an old USB stick, mobile phone, data tape, laptop etc.?
- Is unwanted IT/media wiped, or is it sent to a secure destruction provider to be shredded?
- Does your secure destruction provider issue you with a secure destruction certificate when it is shredded?
We know that all these questions are a lot to think about, but if the answer to any of these questions is ‘no’, then you should consider getting a clear secure destruction process in place, one that is shared with all employees.
To arrange a free consultation regarding your secure destruction process, just email firstname.lastname@example.org and she will be happy to help.