An organization's disposal policy emphasizes obtaining maximum value for surplus IT media.
The IS auditor should obtain assurance that:
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The correct answer is B. any existing data is removed before disposal.
Explanation:
When an organization disposes of IT media, it is essential to ensure that any existing data on the media is completely removed before disposal. The reason is that the data may contain sensitive or confidential information about the organization or its clients, which, if not properly handled, could lead to breaches of confidentiality, privacy, or data protection regulations. Therefore, it is a critical control to ensure that any data on the media is securely and irreversibly erased before it leaves the organization's premises.
Option A, returning the media to the vendor for credit, is not relevant to the disposal process, as it suggests that the organization may still have a use for the media, which contradicts the premise of the question.
Option C, removing identification labels, is not relevant to the security of the data, as it only concerns the physical labeling of the media, not the data itself.
Option D, recycling the media to other groups within the organization, does not address the risk of data exposure or unauthorized access, as it merely transfers the risk to another part of the organization.
In conclusion, the correct answer is B, which emphasizes the need to ensure that any existing data on the media is removed before disposal.