Using Degaussers for Magnetic Media Destruction
Magnetic media is destroyed by ensuring the degausser has the right strength and orientation of the magnetic field.
Plain language
This control is about using a degausser, a device that erases data from magnetic media, like old hard drives and tapes. It's crucial because if you don't properly destroy the data, sensitive information could fall into the wrong hands, risking privacy breaches and confidential data leaks.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Magnetic media is destroyed using a degausser with a suitable magnetic field strength and magnetic orientation.
Why it matters
If degaussing is ineffective or the wrong field strength/orientation is used, data on magnetic media may be recoverable, causing confidential data leaks and privacy breaches.
Operational notes
Confirm the degausser is calibrated and rated for the media type; verify required field strength and correct magnetic orientation, and maintain logs of testing and use.
Implementation tips
- Ensure the IT team purchases or accesses a degausser that is suitable for the types of magnetic media used by the organisation. They should verify the machine's compatibility and strength ratings to ensure effective data destruction.
- The IT manager should train key staff members on how to operate the degausser safely and effectively. This training should cover setting the correct magnetic field strength and the process for confirming media has been properly degaussed.
- The person responsible for data security should establish a checklist for degaussing processes. This list should include steps such as identifying the media type, verifying the degausser settings, and confirming data is wiped post-processing.
- Regularly schedule a maintenance routine for the degausser, which could be done by the IT maintenance team. They should follow the manufacturer's guidelines to keep the equipment in good working order and reduce the risk of failed data destruction.
- The data protection officer should set up a log system where all degaussing activities are recorded. This log should include details like the date of degaussing, the media type, the responsible person, and any issues encountered during the process.
Audit / evidence tips
-
Askthe degausser operation manual: Verify that the manual provides clear instructions on how to adjust magnetic field strength for different media types
Goodincludes detailed steps and guidelines from the manufacturer
-
Goodshows thorough record-keeping with no missing information
-
Goodis up-to-date training records with signatures or completion certificates
-
Goodinvolves precise adherence to the established checklist
-
Askhow they ensure the degausser is maintained and what steps they follow
Goodincludes regular maintenance schedules and logs, showing compliance with manufacturer guidelines
Cross-framework mappings
How ISM-0361 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 7.10 | ISM-0361 requires magnetic media to be destroyed using a degausser with suitable magnetic field strength and correct magnetic orientation | |
| handshake Supports (2) expand_less | ||
| Annex A 7.14 | ISM-0361 focuses on ensuring effective destruction of magnetic media, thereby supporting Annex A 7.14's goal of preventing data leakage d... | |
| Annex A 8.10 | Annex A 8.10 requires secure deletion of unneeded data, while ISM-0361 supports this by specifying the use of rated degaussers for magnet... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.