GV.SC-10.116

Does your organization have a documented process for the timely return and secure disposal of assets containing organizational data?

Explanation

This question assesses whether your organization has formal procedures to ensure that all company assets (laptops, mobile devices, storage media, etc.) containing sensitive data are either returned or properly destroyed when no longer needed or when employees leave. Without proper asset return and disposal processes, organizational data may remain accessible to unauthorized individuals, potentially leading to data breaches or compliance violations. Evidence could include a documented asset return/disposal policy, exit checklists for departing employees, certificates of destruction from approved vendors, asset disposal logs, or records of media sanitization that comply with standards such as NIST SP 800-88.

Implementation Example

Verify that assets containing the organization's data are returned or properly disposed of in a timely, controlled, and safe manner.

ID: GV.SC-10.116

Context

Function: GV: GOVERN
Category: GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub