+AM-07 Decommissioning of Hardware
---+AM-07.01B
---+AM-07.02B
---+AM-07.01AC
---+AM-07.01AS
|
1. Übersicht
AM-07 Decommissioning of Hardware
-
| Bezeichnung |
Standard |
|
AM-07.01B
|
The cloud service provider defines, documents and implements a procedure for the decommissioning of hardware used to operate system components supporting the cloud service production environment under the responsibility of the cloud service provider. As part of this procedure, approval by authorised personnel of the cloud service provider based on the applicable policies is required.
The decommissioning procedure typically includes:
1. Verification that the asset is no longer required for operational use;
2. Assessment of associated risks and dependencies;
3. Approval by authorised personnel based on internal policies;
4. Execution of secure data deletion or sanitization processes;
5. Updating the asset inventory to reflect decommissioning status; and
6. Disposal or repurposing of the hardware in accordance with environmental and security guidelines.
This criterion is not applicable for hardware components that do not store cloud service customer data, cloud service derived data, cloud service provider data or account data (e.g. monitors, routers or keyboards).
|
|
AM-07.02B
|
The decommissioning includes either:
1. The complete and permanent deletion of all cloud service customer data, cloud service derived data, cloud service provider data and account data; or
2. The proper destruction of the media.
Account data needs to be deleted at least in cases where the data is located in the production environment for the operation of system components.
The deletion of data or physical destruction of data mediums can take place, for example, according to DIN 66399 or BSI IT-Grundschutz module CON.6.
This criterion is not applicable for hardware components that do not store cloud service customer data, cloud service derived data, cloud service provider data or account data (e.g. monitors, routers or keyboards).
|
|
AM-07.01AC
|
The destruction of data on hardware components is carried out in such a manner that data recovery can be reasonably considered to be impossible.
The deletion of data or physical destruction of data mediums can take place, for example, according to DIN 66399 or BSI IT-Grundschutz module CON.6.
This approval process ensures that disposal activities conducted offsite adhere to the organisation's security, compliance, and environmental policies. It typically includes:
1. Verification of asset ownership and usage history;
2. Assessment of data sanitisation requirements;
3. Selection of approved disposal vendors or methods;
4. Documentation of disposal actions and approvals; and
5. Confirmation of secure data deletion or destruction.
This criterion is not applicable for hardware components that do not store cloud service customer data, cloud service derived data, cloud service provider data or account data (e.g. monitors, routers or keyboards).
|
|
AM-07.01AS
|
The cloud service provider defines, documents and implements a procedure for the decommissioning of hardware used to operate system components supporting the cloud service production, development, test or staging environment under the responsibility of the cloud service provider. As part of this procedure, approval by authorised personnel of the cloud service provider based on the applicable policies is required.
This criterion is not applicable for hardware components that do not store cloud service customer data, cloud service derived data, cloud service provider data or account data (e.g. monitors, routers or keyboards).
|
1.1 Referenzen
1.2 Identifizierte Anforderungen
1.2 Related Regulation
2. Identifizierte Anforderungen
Anforderungen
| Source |
Anforderung |
3. Related Regulations
Regulations
| Source |
Regulierung |
|