Destroy Unsanitised Televisions and Monitors
Televisions and monitors that can't be cleaned of data are to be physically destroyed.
Plain language
Televisions and computer monitors that store or display data need to be destroyed if they can't be cleaned of any sensitive information. This is important because if these devices are not properly dealt with, sensitive information could leak out and cause security issues or privacy breaches.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2018
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Televisions and computer monitors that cannot be sanitised are destroyed.
Why it matters
If unsanitised TVs/monitors aren’t destroyed, residual images or stored data can be recovered, causing sensitive data exposure and reputational harm.
Operational notes
Tag any TV/monitor that can’t be sanitised, remove it from service, and record certificate of destruction with serial number and date in the asset register.
Implementation tips
- The IT team should assess each television or monitor to determine if any sensitive data is stored or displayed. They should check the device's specifications and manuals to see if data storage is possible.
- Managers should create an inventory of all TVs and monitors and determine which ones cannot be sanitised, marking them for destruction. This involves coordinating with the IT team to confirm which devices need this action.
- The procurement team should collaborate with a certified e-waste recycling company that specialises in securely destroying electronic equipment. Ensure they are able to provide certification of destruction to prove devices have been properly disposed.
- System owners should provide training to staff on recognising which devices might hold sensitive information. Conduct workshops or provide materials that explain the risks and what should trigger a destruction decision.
- The finance department should allocate budget resources for the destruction process, ensuring there is funding available to cover the costs associated with secure disposal of these electronic devices.
Audit / evidence tips
- AskAn up-to-date inventory of televisions and monitors: Request this document from the IT team or asset manager GoodInventory will clearly list devices set for destruction
- GoodDocument will include dates and identification of each destroyed device
- AskTraining records from the system owners: Ensure they have conducted training sessions for staff regarding device sanitisation and destruction
- GoodReport shows a designated budget entry for secure destruction
- AskThe IT team for their assessment criteria used to determine unsanitised devices: Review how they assess whether a device stores data GoodWill show a thorough and consistent methodology
Cross-framework mappings
How ISM-1222 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 7.10 | ISM-1222 requires televisions and computer monitors that cannot be sanitised to be destroyed to eliminate any residual data risk | |
| Annex A 7.14 | ISM-1222 requires televisions and computer monitors that cannot be sanitised to be physically destroyed to prevent residual data compromise | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.