Supervise and Certify Accountable Material Destruction
Supervisors ensure accountable material is destroyed properly and sign a certificate to confirm it.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Nov 2021
✏️ Control Stack last updated
19 Mar 2026
🎯 E8 maturity levels
N/A
Guideline
Guidelines for mediaSection
Media destructionPersonnel supervising the destruction of media storing accountable material supervise its handling to the point of destruction, ensure that the destruction is completed successfully and sign a destruction certificate afterwards.
Source: ASD Information Security Manual (ISM)
Plain language
This control is about making sure that sensitive materials, like documents or old computer disks that contain important data, are properly destroyed when they’re no longer needed. If we don't do this right, there’s a risk that private information might be leaked, which can harm your business’s reputation or even lead to legal troubles.
Why it matters
Failure to certify accountable material destruction can enable unrecoverable data compromise, regulatory breach and legal liability.
Operational notes
Supervise accountable material from custody to destruction, confirm the method completed, and sign and retain a destruction certificate.
Implementation tips
- Managers should designate responsible personnel to oversee material destruction. They should assign a trusted employee who is aware of what materials need to be destroyed and ensure they follow through from start to finish.
- The designated supervisor needs to be equipped with a destruction checklist. This list should have detailed steps on how to properly destroy each type of material and ensure nothing is skipped.
- Employees responsible for destruction should employ only approved methods, like shredders for paper or professional services for electronics. They must follow the procedure exactly as specified to ensure complete destruction.
- After destruction, the supervising person should complete a destruction certificate. This certificate should detail what was destroyed, the method used, and it needs to be signed to verify accuracy.
- Keep records of all destruction certificates securely filed. This will help in future audits and ensure there is a clear trail of accountability for all destroyed materials.
Audit / evidence tips
-
Ask: the list of materials designated for destruction: Review the list for completeness, ensuring sensitive items are clearly indicated
Good: is a comprehensive list with item descriptions and their classification
-
Ask: to see a completed destruction certificate
Good: demonstrates completeness and clarity in documenting the destruction process
-
Ask: them about their understanding of the destruction process and how they ensure compliance
Good: reflects a clear understanding of procedures and the importance of each step in the process
-
Good: includes secure, organised, and accessible records that match the number of signed destruction certificates
Cross-framework mappings
How ISM-0373 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | ||
| Annex A 7.14 | ISM-0373 requires personnel supervising destruction of media storing accountable material to supervise handling through to destruction, v... | |
| Supports (1) | ||
| Annex A 5.33 | Annex A 5.33 requires records be protected from loss, destruction, falsification, unauthorised access and unauthorised release across the... | |