Secure Erase for Non-Volatile Magnetic Media
Use secure erase plus software to fully overwrite data on hard drives, including hidden areas.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Nov 2021
✏️ Control Stack last updated
19 Mar 2026
🎯 E8 maturity levels
N/A
Guideline
Guidelines for mediaSection
Media sanitisationThe ATA secure erase command is used, in addition to block overwriting software, to ensure the growth defects table of non-volatile magnetic hard drives is overwritten.
Source: ASD Information Security Manual (ISM)
Plain language
When you get rid of old hard drives or computers, you want to make sure no one can dig up any old files from them. This control tells us how to securely erase all the information stored on magnetic hard drives, even in the hidden parts. It's important because if data isn't erased properly, someone could access sensitive business or personal information without your knowledge.
Why it matters
Failure to use ATA Secure Erase plus block overwriting can leave data in growth defect tables, enabling data recovery.
Operational notes
For HDD disposal, run ATA Secure Erase and then block-overwrite; record logs to confirm growth defect tables are overwritten.
Implementation tips
- The IT team should ensure that they have access to secure erase software that can completely wipe hard drives before disposal or reuse. They can download reliable software from trusted sources recommended by the Australian Cyber Security Centre (ACSC).
- Managers should coordinate with the IT team to set up a regular schedule for checking which drives need erasing. They can list all drives that are due for replacement and prioritise those containing sensitive data.
- Office managers should keep a record of all equipment that contains hard drives. They should work with IT to ensure that every drive is securely erased before disposal. Keep a simple spreadsheet to track this.
- Employees who use computers should inform IT staff when a machine is no longer needed or needs to be replaced. IT staff can then initiate the secure erase process following the guidelines from the software provider.
- Procurement should ensure that any new hardware purchases come with clear instructions or software for secure erase procedures. This ensures compliance even as new devices are introduced into the workplace.
Audit / evidence tips
-
Ask: the secure erase policy document: Request a document that outlines the procedures and tools used for secure erasing drives
Good: is a detailed policy that explains how all drives are managed and verified once erased
-
Ask: evidence of software tools used: Request documentation showing the secure erase software in use within the organisation
Good: includes up-to-date licences and records of software installation
-
Ask: to see records of erased drives: Request logs or a list of drives that have been securely erased
Good: is a comprehensive log showing systematic records of the secure erase process
-
Ask: evidence of staff training: Request records or certificates showing that IT staff have been trained in secure data erasure
Good: includes recent training sessions and staff acknowledgements of the procedures
-
Ask: the IT disposal checklist: Request the checklist used by IT staff before disposing of or repurposing drives. Look to ensure it includes a verification step for secure erasure completion
Good: is a checklist that is routinely used with all necessary steps clearly marked and actioned
Cross-framework mappings
How ISM-1067 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | ||
| Annex A 7.14 | Annex A 7.14 requires ensuring sensitive data is removed or securely overwritten from storage media prior to disposal or re-use | |
| Supports (1) | ||
| Annex A 7.10 | ISM-1067 addresses secure erasure of non-volatile magnetic hard drives by mandating ATA Secure Erase plus block overwriting to cover hidd... | |