What is ISO 27001 Annex A 7.10?
ISO 27001 Annex A 7.10 governs the lifecycle of physical and digital storage media. Organisations manage media through documented procedures stored in SharePoint. These rules cover acquisition, use, transportation, and disposal. Integrating them into existing document systems ensures accountability. The control prevents unauthorised access to, or data leakage from, portable devices.
Auditor’s Eye: The Shortcut Trap
Automated SaaS platforms often display a green tick for media handling. This masks serious physical security failures. Auditors find hard drives in unlocked drawers while the dashboard claims compliance. We prefer seeing disposal certificates in your native SharePoint folders. A platform dashboard cannot verify a physical shredding event. Internal records prove genuine management oversight. You must own the process within your existing operational tools.
| ISO 27001:2013 Reference | ISO 27001:2022 Reference | Key Focus Areas |
|---|---|---|
| Annex A 11.2.7 & 11.2.8 | Annex A 7.10 | Media management and secure disposal merged for clarity. |
How to Implement ISO 27001 Annex A 7.10 (Step-by-Step)
Secure storage media by integrating controls into your primary business tools. This method ensures staff follow rules during daily work. Frame the implementation as a cultural change. Do not treat it as a software installation.
- Draft your media handling policy and store it in SharePoint.
- Define encryption requirements for all portable storage devices.
- Create a media register using a SharePoint list or internal wiki.
- Use Jira to log every media disposal or transport request.
- Schedule monthly reviews of media logs in management meetings.
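The second step above sets an encryption requirement for portable media, and the audit checklist later expects evidence that it is actually enforced. The script below is an added example, not code from the page or from any product it names: it enumerates removable volumes on a Windows endpoint, reads their BitLocker state, and emits rows you can append to a media register or attach to a ticket. It assumes a Windows host with the BitLocker PowerShell module (`Get-BitLockerVolume`) and administrator rights; the CSV output path is a placeholder. Note that some external hard disks report `Fixed` rather than `Removable`, so adjust the filter for your estate.

```powershell
# Added example: report BitLocker status of removable volumes as media-register rows.
# Assumes Windows, the BitLocker module, and an elevated session.
function Get-RemovableMediaEncryptionStatus {
    [CmdletBinding()]
    param()

    # USB sticks and similar devices that currently have a drive letter
    $removable = Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter }

    foreach ($vol in $removable) {
        $mount = "$($vol.DriveLetter):"
        # Returns $null when the volume has never been BitLocker-initialised
        $bl = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue

        if ($bl) {
            $protection = [string]$bl.ProtectionStatus   # On / Off / Unknown
            $percent    = $bl.EncryptionPercentage
        } else {
            $protection = 'NotBitLocker'
            $percent    = 0
        }

        # Policy from the page: every portable device must be fully encrypted with protection on
        $compliant = ($protection -eq 'On' -and $percent -eq 100)

        [pscustomobject]@{
            Checked          = (Get-Date).ToString('s')
            Host             = $env:COMPUTERNAME
            MountPoint       = $mount
            Label            = $vol.FileSystemLabel
            SizeGB           = [math]::Round($vol.Size / 1GB, 1)
            ProtectionStatus = $protection
            EncryptionPct    = $percent
            Compliant        = $compliant
        }
    }
}

$results = Get-RemovableMediaEncryptionStatus
$results | Format-Table -AutoSize

# Placeholder path: upload the CSV to the media register or attach it to the ticket
$results | Export-Csv -Path "$env:TEMP\removable-media-$env:COMPUTERNAME.csv" -NoTypeInformation

# Devices that fail the policy are the ones that need a Jira ticket and follow-up
$results | Where-Object { -not $_.Compliant }
```

Run it from the endpoint management tool on a schedule and keep the CSVs with the monthly review records; a device that appears in the register but never shows up as compliant in these exports is exactly the gap between paperwork and physical reality that an auditor will probe.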
ISO 27001 Annex A 7.10 Audit Evidence Checklist
Focus on manual records and internal document versions. These prove human oversight and intent. Auditors check for consistency between your registers and physical reality.
- Media handling policy with a clear SharePoint version history.
- A complete register of storage media kept in Confluence.
- Jira tickets showing the decommissioning of old servers.
- Destruction certificates signed by an authorised service provider.
- Internal audit reports on physical media storage locations.
Relational Mapping
Control A 7.10 connects to several other ISO 27001 requirements:
- Clause 8.1 (Operational Planning): Directs the management of media lifecycles.
- Annex A 5.9 (Inventory of Information): Provides the basis for the media register.
- Annex A 8.10 (Information Deletion): Governs the digital cleansing of media.
Auditor Interview: Direct Process Management
Auditor: How do you track a USB drive leaving the office?
Manager: We use a Jira request system. The staff member logs the serial number and the return date.
Auditor: How do you ensure the data is safe during transport?
Manager: Our SharePoint policy mandates BitLocker encryption. We audit this through our standard endpoint management tool.
Common Non-Conformities
| Failure Mode | Description | Corrective Action |
|---|---|---|
| Automated Complacency | Relying on a SaaS platform tick without physical evidence. | Conduct site inspections and log them in SharePoint. |
| Missing Disposal Logs | No record of where old hard drives went. | Implement a Jira disposal workflow with certificate uploads. |
| Unencrypted Media | Portable drives lack mandatory encryption protocols. | Enforce technical policies and update the Confluence wiki. |
Frequently Asked Questions
What is ISO 27001 Annex A 7.10?
The Bottom Line: It is the requirement to manage storage media throughout its life. You must secure media during use, transport, and disposal. Document these procedures in your internal SharePoint. This ensures your organisation maintains control over sensitive data carriers.
How do I manage the media disposal process?
The Bottom Line: Use Jira to track the decommissioning of assets. Record every step from the request to final destruction. Upload certificates to your internal document system. This provides a clear audit trail of your secure disposal activities.
Why is a document-based management system better?
The Bottom Line: It integrates security into your actual daily workflows. Auditors trust records kept in SharePoint or Confluence more than external dashboards. It proves your team actively manages media risks. This reduces the danger of surface-level compliance failures.
