SI-12(3): Information Disposal

PF v1.0 References:

Baselines:

  • Privacy
Info icon.

Control is new to this version of the control set.

Control Statement

Use the following techniques to dispose of, destroy, or erase information following the retention period: [Assignment: organization-defined techniques].

Supplemental Guidance

Organizations can minimize both security and privacy risks by disposing of information when it is no longer needed. The disposal or destruction of information applies to originals as well as copies and archived records, including system logs that may contain personally identifiable information.