S 4.32 Physical deletion of data media before and after usage

Initiation responsibility: IT Security Officer

Implementation responsibility: Specialists Responsible

In addition to the instructions for the deletion and destruction of data media in safeguard S 2.167 Selecting suitable methods for deleting or destroying data, the following points must be considered when exchanging data media.

All magnetic data media used to exchange data should be physically erased before the information to be transmitted is written to the media. This is intended to ensure that no residual data that the recipient is not authorised to receive is disclosed to the recipient.

Adequate physical deletion for normal protection requirements can be achieved by overwriting the entire data medium, or at least the used sectors, with a certain pattern. Another alternative is to format the data medium provided that the format operation cannot be undone. The deletion of individual files should be avoided since this often leaves hidden data on the media, which can then make it possible to reconstruct the deleted files.

In general, the recipient also considers the transmitted data to be worthy of protection. As with the sender, it is also preferred in this case to physically delete the data from the data medium after reading it out.

Non-erasable data media (such as WORMs, for example) should not be used for the purpose of exchanging data when they contain additional information that cannot be deleted and is not intended for the recipient.

Review questions:

© Federal Office for Information Security. All rights reserved.