Use: complete when a device or media holding Confidential data is sanitized/destroyed. Owner: IT (CISO). File in the Disposal Log + SharePoint evidence library. Frameworks: SOC 2 AST-1 / CC6.5 (asset disposal); ISO 27001 A.7.14. Implements Records Disposal. Vanta slot:
media-disposal.Fill at the time of disposal — factual. If no physical-media disposal has occurred and none is required, mark the corresponding control N/A. Replace every {{placeholder}}.
Asset
- Asset / media: {{asset_media}} · Owner/custodian: {{owner_custodian}}
- Data classification held: {{data_classification}}
- Reason: {{disposal_reason}}
Sanitization / destruction
- Method: {{sanitization_method}}
- Performed by: {{performed_by_party}} · Vendor (if any): {{vendor_name}}
- Date: {{destruction_date}} · Location: {{destruction_location}}
- Verification: {{verification}}
Attestation
I certify the above media was sanitized/destroyed per the method stated, rendering Confidential data unrecoverable. Performed/witnessed by. Signature: _______________________________ Printed Name: {{performer_name}} Title: {{performer_title}} Date: ___________________________________ CISO. Signature: _______________________________ Printed Name: {{ciso_name}} Title: {{ciso_title}} Date: ___________________________________Variables
| Variable | Description |
|---|---|
{{asset_media}} | Device type, asset tag, and serial number of the media/device |
{{owner_custodian}} | Owner or custodian of the asset |
{{data_classification}} | Data classification held (e.g., Confidential / Internal) |
{{disposal_reason}} | Reason for disposal (e.g., end-of-life / damaged / returned) |
{{sanitization_method}} | Sanitization/destruction method (e.g., NIST 800-88 cryptographic erase / wipe / physical destruction) |
{{performed_by_party}} | Party performing the disposal (e.g., internal IT / third-party vendor) |
{{vendor_name}} | Vendor name, if a third-party vendor performed the disposal |
{{destruction_date}} | Date the sanitization/destruction occurred |
{{destruction_location}} | Location where the sanitization/destruction occurred |
{{verification}} | Verification of disposal (e.g., wipe confirmation / vendor certificate attached) |
{{performer_name}} | Printed name of the person who performed or witnessed the disposal |
{{performer_title}} | Title of the person who performed or witnessed the disposal |
{{ciso_name}} | Printed name of the CISO attesting to the disposal |
{{ciso_title}} | Title of the CISO (e.g., Chief Information Security Officer) |