Comment

Comment on Here is what 6 decommissioned servers looks like. My Jellyfin will be very happy

<- View Parent

unwillingsomnambulist@midwest.social ⁨4⁩ ⁨months⁩ ago

Somewhere, an ISO27001 auditor’s jimmies started rustling.

source

Sort:hotnew top

brbposting@sh.itjust.works ⁨4⁩ ⁨months⁩ ago
Do you think it’s possible for old decommissioned drives to be donated in a compliant manner?

Reference for others:

ISO/IEC 27001 is an international standard to manage information security. … It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard’s requirements can choose to be certified by an accredited certification body following successful completion of an audit.

source
- stevestevesteve@lemmy.world ⁨4⁩ ⁨months⁩ ago
  It certainly is. ISO 27001 is a framework, not very prescriptive at all. Basically an auditor will ask “how do you ensure data isn’t leaving your facility in the form of discarded hardware?” If you say “here’s a link to our media destruction policy. It says all drives are wiped according to NIST 800-88 cryptographic erasure. If that is not possible or not applicable, the drive is destroyed. Here’s our log of decomissioned equipment” chances are very good they’ll say “OK great let’s move on to the next one” with only minor followup questions.
  
  source
  - brbposting@sh.itjust.works ⁨4⁩ ⁨months⁩ ago
    👏
    
    I recognize there’s a likelihood you are usually being paid for answers like that. Thank you for satisfying my curiosity for free :)
    
    source
- unwillingsomnambulist@midwest.social ⁨4⁩ ⁨months⁩ ago
  Absolutely, and it’s usually up to the organization disposing of the drives to set and document the standard by which they abide.
  
  source
  - brbposting@sh.itjust.works ⁨4⁩ ⁨months⁩ ago
    Thanks :)
    
    source