+AM-07.01AC

1. Übersicht

AM-07.01AC

The destruction of data on hardware components is carried out in such a manner that data recovery can be reasonably considered to be impossible.

The deletion of data or physical destruction of data mediums can take place, for example, according to DIN 66399 or BSI IT-Grundschutz module CON.6.

This approval process ensures that disposal activities conducted offsite adhere to the organisation's security, compliance, and environmental policies. It typically includes:

1. Verification of asset ownership and usage history;
2. Assessment of data sanitisation requirements;
3. Selection of approved disposal vendors or methods;
4. Documentation of disposal actions and approvals; and
5. Confirmation of secure data deletion or destruction.

This criterion is not applicable for hardware components that do not store cloud service customer data, cloud service derived data, cloud service provider data or account data (e.g. monitors, routers or keyboards).

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html