ISO/IEC 27040:2015 is one of a growing set of standards set forth by the International Organization for Standardization (ISO), an international body working in conjunction with the International Electrotechnical Commission (IEC) to establish security and data processing standards.
The set of standards itself is quite powerful in that it provides comprehensive guidance for the storage and protection of data within processing systems. But what does this mean for the average provider? And are there any caveats to the standards? Most importantly – how does one ensure compliance?
Today, we’re going to discuss these standards, and what they mean for the community as a whole. We’ll highlight some important caveats, and discuss how the standards handle “sanitization”. Most importantly, we’ll differentiate between sanitization and typical delete/erasure processes, and bring to light some inequities of how data is typically handled in the end-of-life cycle.