Information Security Policies are high level statements documenting managements intention regarding information security. I am starting a series today, where I will be discussing various policies which are included in an high level security policy.

The Policy Statement for Discarding Old Equipment can be something like ......."Computers/Equipment owned by the enterprise should be disposed only by authorized personnel. Before disposing off sensitve equipment, authorized personnel should ensure that relevant security risks have been mitigated".

Such a policy can be very useful ehrn computer equipment is being disposed. Some important issues one must consider while drafting the policy might include, backup of old data before disposing, compromise of confidentility of old data, accidental disposal of equipment etc. Remember, policiies for data / media disposal should be organization specific. Adequate should be taken to ensure that drafted policy indeed meets the requirements of the organization.

More on Information Security >>

>> ISO OSI Layers
>> 7 Steps for Better Security
>> Parkinson's Law of Data
>> Confidentiality, Integrity & Availability