Ensure Degaussed Media is Physically Damaged
After using a degausser, damage internal components of magnetic media to prevent data recovery.
Plain language
After you erase data from old magnetic storage devices like hard drives using a device called a degausser, it's important to physically damage the device to ensure that no one can recover any old data from it. This matters because if someone were to access that data, it might include sensitive information that could lead to identity theft or business secrets being exposed.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Following the use of a degausser, magnetic media is physically damaged by deforming any internal platters.
Why it matters
If degaussed media is not physically damaged, residual data may be recovered from platters, exposing sensitive information.
Operational notes
After degaussing, confirm internal platters are deformed (e.g., drilled/shredded) and record checks as part of media disposal.
Implementation tips
- The IT manager should organise a clear process for handling old magnetic media. First, gather all devices that need degaussing and label them clearly to track them through the process.
- The IT team should use a degausser to erase data from the magnetic media. Ensure the team is trained properly on the degausser's operation to maximise data erasure success.
- After degaussing, the designated disposal team member should physically damage the device, like bending or drilling through the platters inside a hard drive, to make data recovery impossible.
- Implement a checklist for each device processed to ensure the degaussing and physical damage steps are verified by a second team member, offering a double-check system to prevent mistakes.
- The office manager should set up a periodic review schedule to ensure the disposal process is being followed consistently, adjusting the process as necessary based on feedback from the disposal team.
Audit / evidence tips
-
Askthe media degaussing and destruction log: Request records tracking each device processed through the degaussing and destruction steps
GoodA complete, up-to-date log with all devices recorded and confirmed destroyed
-
Askto see the disposal procedure documentation: Obtain the written procedure for magnetic media disposal
GoodA detailed procedure document that matches actual operations observed on-site
-
Aska demonstration of the degaussing process: Request a live demonstration or a video of a typical device being degaussed
GoodThe staff member correctly uses the degausser with no visible errors or safety concerns
-
Askthe training records of staff involved in the process: Request evidence of relevant training for all personnel handling media disposal
GoodEach staff member has a recent completion certificate and training covers both degaussing and destruction techniques
-
Askevidence of tool maintenance logs: Request information on the maintenance schedule and service records for the degausser
GoodRegular, documented maintenance is performed, ensuring the degausser is operational and effective
Cross-framework mappings
How ISM-1641 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 7.10 | ISM-1641 mandates a specific end-of-life handling step for magnetic media: once degaussed, it must be physically damaged to defeat recovery | |
| Annex A 7.14 | ISM-1641 requires that after degaussing, magnetic media is physically damaged (e.g | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.