Safely Disposing of Unsanitised Printer Components
Destroy printer cartridges or print drums if they can't be sanitised, like other memory devices.
Plain language
This control is about properly getting rid of printer parts like cartridges and drums when they're no longer usable or can't be cleaned securely. If you don't destroy these parts correctly, sensitive information could potentially be recovered by others, leading to privacy breaches and security risks.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2018
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
When unable to sanitise printer cartridges or MFD print drums, they are destroyed as per electrostatic memory devices.
Why it matters
If unsanitised printer cartridges or MFD drums are not destroyed, residual images/data may be recovered from disposed parts, causing a data breach.
Operational notes
Verify cartridges/drums that cannot be sanitised are handled as electrostatic memory devices and destroyed, with disposal records and periodic spot-checks.
Implementation tips
- The office manager should be responsible for identifying old printer cartridges and drums that need disposal. They should keep a log of these components and their removal dates to ensure they are handled promptly.
- The IT team should set up a process for securely destroying unusable printer parts. This means arranging for them to be collected by a professional disposal service that offers certificates of destruction.
- Procurement staff should choose a disposal service that specialises in electronic waste, ensuring they can safely destroy components like printer cartridges and memory devices. Always ask for certificates of destruction from the service.
- Staff members involved in the disposal process should be trained on the importance of securely handling printer components. This can involve a short training session explaining the risks and the organisation's procedures.
- Managers should periodically review disposal practices to ensure they comply with security guidelines. They can do this by checking logs of disposed items and certificates of destruction to ensure everything is accounted for.
Audit / evidence tips
- AskThe disposal log of printer components: Check this document for entries that include dates, parts disposed of, and responsible personnel GoodLog will have all required details and match the certificates of destruction received
- AskThem to explain the steps they take to ensure secure disposal GoodWill describe a documented process, proper service selection, and regular checks
Cross-framework mappings
How ISM-0318 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 7.10 | ISM-0318 requires organisations to destroy printer cartridges or MFD print drums when they cannot be sanitised, treating them as electros... | |
| Annex A 7.14 | ISM-0318 requires destruction of printer cartridges or print drums when sanitisation is not possible to prevent residual data exposure | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.