1 Who is ultimately responsible for data protection within your organisation?
2 Do they have oversight of the IT asset disposal process?
3 Is this person aware of the ADISA Industry Standard?
4 Is this person aware of the Information Commissioner’s Guidance notes for IT Asset Disposal?
5 Do you currently have an IT asset disposal policy?
6 Within that policy do you stipulate what process should be applied to each media type to sanitise the data on them?
7 Do you use a specialist third party IT Asset Disposal Company for all or part of the process?
8 What is the name of that partner?
9 Do you have a contract in place with this company?
10 When did you last audit this company?
Please find attached our response.