Back

Include disposal procedures in disposal contracts.


CONTROL ID
13905
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain disposal contracts., CC ID: 12199

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • When outsourcing the disposal of systems to third parties, it is necessary to do the same as above. In this case, it is recommended that a confidentiality agreement be concluded. (P83.4., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Banks need appropriate disposal procedures for both electronic and paper based media. Contracts with third-party disposal firms should address acceptable disposal procedures. For computer media, data frequently remains on media after erasure. Since that data can be recovered, additional disposal tec… (Critical components of information security 15) vii., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)