ISO/IEC 27001 Control 7.14: Secure disposal or re-use of equipment

Control

Items of equipment containing storage media should be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or re-use.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint provide mechanisms to manage non-human identities, which can be used to track equipment and its reuse.

Implementation Details

MidPoint can manage non-human identities, such as identities for mobile devices and other equipment. MidPoint can maintain inventory of the devices and other equipment, track its possession and re-use. MidPoint can automatically manage permissions necessary for the devices to access information in applications (technical accounts), automatically provisioning and de-provisioning the access. Audit trail can be used to record changes in device possession, keeping a log of device transfers.

Rationale

This control is mostly about physical security, which is out of reach of midPoint. However, midPoint can provide capabilities to inventory and manage mobile device identities.

Was this page helpful?
YES NO
Thanks for your feedback