Reducing Risk of Data Leakage when Destroying Hard Drives | Vendor Management Solutions

Best Practices for Data Destruction by Vendors | CRISC Exam Preparation

Prev Question Next Question

Question

An organization uses a vendor to destroy hard drives.

Which of the following would BEST reduce the risk of data leakage?

Answers

A. Implement an encryption policy for the hard drives

B. Require the vendor to degauss the hard drives

C. Use an accredited vendor to dispose of the hard drives

D. Require confirmation of destruction from the IT manager.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Out of the given options, the BEST way to reduce the risk of data leakage when using a vendor to destroy hard drives is to require the use of an accredited vendor to dispose of the hard drives.

Explanation: When a company decides to dispose of hard drives, it's important to ensure that the data on them is securely wiped off or destroyed to prevent unauthorized access to sensitive information. A third-party vendor is often hired to perform the destruction of the hard drives. However, there is always a risk of data leakage during the process if the vendor is not trustworthy or lacks the required skills and tools to perform the job securely.

Option A suggests implementing an encryption policy for the hard drives, which would encrypt the data stored on them. However, encryption alone does not protect against data leakage if the hard drives are not disposed of securely.

Option B suggests requiring the vendor to degauss the hard drives. Degaussing involves exposing the hard drive to a strong magnetic field to erase the data stored on it. While this is an effective way to erase data, it requires specialized equipment, and there is always a risk that some data may remain on the hard drive if the process is not done correctly.

Option C suggests using an accredited vendor to dispose of the hard drives. This is the best option because an accredited vendor has undergone a rigorous assessment to ensure that they have the necessary skills, expertise, and processes to dispose of hard drives securely. An accredited vendor is likely to have a secure facility, secure transportation, and documented processes for destroying hard drives.

Option D suggests requiring confirmation of destruction from the IT manager. While this can provide an additional layer of assurance that the hard drives have been destroyed, it is not foolproof, as the IT manager may not have the necessary expertise to confirm that the hard drives were destroyed securely.

In conclusion, using an accredited vendor to dispose of the hard drives is the best option to reduce the risk of data leakage.

Prev Question Next Question