top of page

Control 8.10: Information Deletion - Erasing Digital Footprints

In the age of information, what's no longer needed can be just as important as what is. Control 8.10, "Information Deletion," focuses on the responsible and secure removal of data stored in information systems, devices, and storage media. Join me as we explore the significance of this control in safeguarding sensitive information, complying with data protection regulations, and reducing digital clutter.

Clearing the Digital Slate

Think of Control 8.10 as the digital equivalent of decluttering your workspace. Just as you wouldn't keep unnecessary items lying around, this control emphasises the importance of purging data that no longer serves a purpose. Whether it's outdated files, obsolete records, or redundant information, proper data deletion is crucial for maintaining a lean and secure digital environment.

Safeguarding Sensitive Information

As an ISO 27001 Lead Auditor, I've witnessed the impact of lax data deletion practices. When sensitive information is no longer needed, retaining it can pose significant security risks. Control 8.10 ensures that data is deleted in a manner that prevents unauthorised access. This is especially important when disposing of devices or transferring equipment to new users.

Compliance with Data Protection Regulations

In an era of stringent data protection regulations like GDPR and CCPA, Control 8.10 plays a crucial role in compliance. Organisations must demonstrate that they handle data responsibly throughout its lifecycle. Proper data deletion is a key component of these requirements, ensuring that personal and sensitive information is not retained longer than necessary.

Reducing Digital Clutter

Imagine a room filled with old, unused items—eventually, it becomes difficult to find what's truly important. The same applies to digital environments. Control 8.10 helps organisations reduce digital clutter by eliminating data that no longer adds value. This not only streamlines operations but also makes it easier to locate and manage relevant information.

Methods of Secure Deletion

Effective data deletion goes beyond hitting the delete button. Control 8.10 encourages organisations to use methods that ensure data is irrecoverable. This may involve overwriting data, degaussing storage media, or physically destroying devices. By taking these steps, organisations prevent potential data breaches and unauthorised recovery of information.

Documenting Deletion Processes

In the world of information security, documentation is key. Control 8.10 underscores the importance of documenting data deletion processes. By maintaining clear records of when and how data was deleted, organisations demonstrate accountability, transparency, and their commitment to responsible data management.

A Leaner, More Secure Future

Control 8.10 isn't just about getting rid of unnecessary data; it's about fostering a culture of responsible data management. By adhering to proper data deletion practices, organisations protect sensitive information, comply with regulations, and ensure a more organised and secure digital environment. As we navigate the complexities of the digital age, let's remember that what we choose to delete can be just as impactful as what we choose to keep.

To learn more about ISO 27001 controls and best practices for information security, visit and "Request Info." Let's embark on a journey to master the art of information deletion, creating a cleaner, more secure digital landscape for ourselves and our organisations.

2 views0 comments


bottom of page