Absolutely, and it’s usually up to the organization disposing of the drives to set and document the standard by which they abide.
Comment on Here is what 6 decommissioned servers looks like. My Jellyfin will be very happy
brbposting@sh.itjust.works 8 months ago
Do you think it’s possible for old decommissioned drives to be donated in a compliant manner?
Reference for others:
ISO/IEC 27001 is an international standard to manage information security. … It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard’s requirements can choose to be certified by an accredited certification body following successful completion of an audit.
unwillingsomnambulist@midwest.social 7 months ago
brbposting@sh.itjust.works 7 months ago
Thanks :)
stevestevesteve@lemmy.world 8 months ago
It certainly is. ISO 27001 is a framework, not very prescriptive at all. Basically an auditor will ask “how do you ensure data isn’t leaving your facility in the form of discarded hardware?” If you say “here’s a link to our media destruction policy. It says all drives are wiped according to NIST 800-88 cryptographic erasure. If that is not possible or not applicable, the drive is destroyed. Here’s our log of decommissioned equipment” chances are very good they’ll say “OK great let’s move on to the next one” with only minor followup questions.
brbposting@sh.itjust.works 8 months ago
👏
I recognize there’s a likelihood you are usually being paid for answers like that. Thank you for satisfying my curiosity for free :)