Use: complete when a device or media holding Confidential data is sanitized/destroyed. Owner: IT (CISO). File in the Disposal Log + SharePoint evidence library. Frameworks: SOC 2 AST-1 / CC6.5 (asset disposal); ISO 27001 A.7.14. Implements Records Disposal. Vanta slot: media-disposal.
Fill at the time of disposal — factual. If no physical-media disposal has occurred and none is required, mark the corresponding control N/A. Replace every {{placeholder}}.

Asset

  • Asset / media: {{asset_media}} · Owner/custodian: {{owner_custodian}}
  • Data classification held: {{data_classification}}
  • Reason: {{disposal_reason}}

Sanitization / destruction

  • Method: {{sanitization_method}}
  • Performed by: {{performed_by_party}} · Vendor (if any): {{vendor_name}}
  • Date: {{destruction_date}} · Location: {{destruction_location}}
  • Verification: {{verification}}

Attestation

I certify the above media was sanitized/destroyed per the method stated, rendering Confidential data unrecoverable. Performed/witnessed by. Signature: _______________________________ Printed Name: {{performer_name}} Title: {{performer_title}} Date: ___________________________________ CISO. Signature: _______________________________ Printed Name: {{ciso_name}} Title: {{ciso_title}} Date: ___________________________________

Variables

VariableDescription
{{asset_media}}Device type, asset tag, and serial number of the media/device
{{owner_custodian}}Owner or custodian of the asset
{{data_classification}}Data classification held (e.g., Confidential / Internal)
{{disposal_reason}}Reason for disposal (e.g., end-of-life / damaged / returned)
{{sanitization_method}}Sanitization/destruction method (e.g., NIST 800-88 cryptographic erase / wipe / physical destruction)
{{performed_by_party}}Party performing the disposal (e.g., internal IT / third-party vendor)
{{vendor_name}}Vendor name, if a third-party vendor performed the disposal
{{destruction_date}}Date the sanitization/destruction occurred
{{destruction_location}}Location where the sanitization/destruction occurred
{{verification}}Verification of disposal (e.g., wipe confirmation / vendor certificate attached)
{{performer_name}}Printed name of the person who performed or witnessed the disposal
{{performer_title}}Title of the person who performed or witnessed the disposal
{{ciso_name}}Printed name of the CISO attesting to the disposal
{{ciso_title}}Title of the CISO (e.g., Chief Information Security Officer)

Cross-references