Destroy Unsanitised Televisions and Monitors
Televisions and monitors that can't be cleaned of data are to be physically destroyed.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Aug 2018
✏️ Control Stack last updated
19 Mar 2026
🎯 E8 maturity levels
N/A
Televisions and computer monitors that cannot be sanitised are destroyed.
Source: ASD Information Security Manual (ISM)
Plain language
Televisions and computer monitors that store or display data need to be destroyed if they can't be cleaned of any sensitive information. This is important because if these devices are not properly dealt with, sensitive information could leak out and cause security issues or privacy breaches.
Why it matters
If unsanitised TVs/monitors aren’t destroyed, residual images or stored data can be recovered, causing sensitive data exposure and reputational harm.
Operational notes
Tag any TV/monitor that can’t be sanitised, remove it from service, and record certificate of destruction with serial number and date in the asset register.
Implementation tips
- The IT team should assess each television or monitor to determine if any sensitive data is stored or displayed. They should check the device's specifications and manuals to see if data storage is possible.
- Managers should create an inventory of all TVs and monitors and determine which ones cannot be sanitised, marking them for destruction. This involves coordinating with the IT team to confirm which devices need this action.
- The procurement team should collaborate with a certified e-waste recycling company that specialises in securely destroying electronic equipment. Ensure they are able to provide certification of destruction to prove devices have been properly disposed.
- System owners should provide training to staff on recognising which devices might hold sensitive information. Conduct workshops or provide materials that explain the risks and what should trigger a destruction decision.
- The finance department should allocate budget resources for the destruction process, ensuring there is funding available to cover the costs associated with secure disposal of these electronic devices.
Audit / evidence tips
-
Ask: an up-to-date inventory of televisions and monitors: Request this document from the IT team or asset manager
Good: inventory will clearly list devices set for destruction
-
Good: document will include dates and identification of each destroyed device
-
Ask: training records from the system owners: Ensure they have conducted training sessions for staff regarding device sanitisation and destruction
-
Good: report shows a designated budget entry for secure destruction
-
Ask: the IT team for their assessment criteria used to determine unsanitised devices: Review how they assess whether a device stores data
Good: will show a thorough and consistent methodology
Cross-framework mappings
How ISM-1222 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (2) | ||
| Annex A 7.10 | ISM-1222 requires televisions and computer monitors that cannot be sanitised to be destroyed to eliminate any residual data risk | |
| Annex A 7.14 | ISM-1222 requires televisions and computer monitors that cannot be sanitised to be physically destroyed to prevent residual data compromise | |