Last updated:
30th December 2024
See answers to previous information requests
How to search
- Select a year and/or a month from the drop down list
- Type a subject into the 'Subject keyword(s):' search (Optional)
- Click 'Search' button
Alternatively click 'View' to browse through all received requests.
This search is for our information requests from September 2020 onward.
Software Based Data Destruction Assurance
See notes
Follow on request from WBCIR:21280.
In response to Question 1, you confirmed that all data sanitisation is carried out to ISO 27001 standards. To clarify the recorded assurance model relied upon, please provide the following recorded information held by the Council:
1. Confirmation of whether ISO 27001 certification is relied upon by the Council as constituting an explicit outcome-based warranty or guarantee of irretrievability.
2. The recorded basis on which the Council concludes that ISO 27001 standards demonstrate that software-based erasure renders data permanently irretrievable.
3. Confirmation of whether the Certificates of Data Destruction (COD) received from the third party represent:
4. Confirmation that a defined erasure process was executed; or an explicit vendor-issued outcome warranty of irretrievability.
5. If an explicit vendor-issued outcome warranty is relied upon, please provide the recorded documentation demonstrating that warranty.
For clarity, I am not requesting technical configuration details or security-sensitive material. I am seeking clarification of the recorded basis underpinning the Council’s statements regarding outcome-based assurance.
