Security advice

Physical destruction of sensitive information

The disposal of media that has been used to store or process sensitive information is often undertaken using physical destruction methods. Those responsible for information security should be familiar with best practice guidance on the need for physical destruction, the development of robust procedures and appropriate destruction equipment suppliers and service providers.

What are the threats to the disposal process?

Threats to the disposal process can range from forcible attack to more sophisticated surreptitious methods and can occur before, during or after the destruction process. For example:

  • Accidental loss;
  • Emergency abandonment (individual, vehicle or building);
  • Espionage (commercial or state sponsored);
  • Hijack or vehicle theft (from site or during transportation);
  • Insider attack (e.g. disgruntled employees or investigative journalists);
  • Theft (from site, vehicle, storage or destruction facility). 

How do I assess the strengths and weaknesses of my physical destruction procedures?

Once the nature of the threat is understood, practitioners should take a methodical and carefully considered approach to determine the most appropriate and proportionate destruction procedures.

Organisations disposing of information such as company records, financial data or customer details should follow internal company procedures or may wish to refer to BS EN 15713 – Secure destruction of confidential material. Code of practice. Those disposing of information deemed to be sensitive to the critical national infrastructure should seek advice from their head of security.

How can I mitigate the risk of sensitive information falling into the wrong hands?

Based on the structured assessment of the need, a number of options should be considered to achieve the desired balance between security and operational effectiveness. For example:

  • Confirm the highest level of sensitivity of information to be disposed;
  • Identify the type of storage media – the type of media will determine the most suitable methods of destruction;
  • Storage of sensitive assets – on-site will require storage in a suitably secure location. Off-site will also require secure storage; service providers should inform customers if secure storage is available and to what level;
  • Method of destruction – a number of options are available with specific advantages and drawbacks that should be matched to the project operational requirements;
  • Location of destruction facilities – on-site will require either the purchase or hire of destruction equipment, or contracting of a service provider with a mobile destruction facility. Off-site will require the support of a service provider;
  • Transportation – consider appropriate communication, handling-in-transit procedures, manning level, vehicle tracking etc.;
  • Personal escort and/or witnessing of physical destruction – can provide an extra level of confidence but will also require staff time;
  • Vetting – all those involved in the disposal process should be vetted to the appropriate level;
  • Audit trail and record keeping – provide confirmation and assurance that material has been disposed of according to the agreed requirements.
