Methods for Destroying Electrostatic Memory Devices
Use specialized machines or incineration to securely destroy memory storage devices.
Plain language
Electrostatic memory devices, like USB drives and solid-state drives, need to be destroyed properly to ensure sensitive information doesn't fall into the wrong hands. If these devices are not securely destroyed, data can be recovered and lead to privacy violations or even financial losses.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Electrostatic memory devices are destroyed using a furnace/incinerator, hammer mill, disintegrator or grinder/sander.
Why it matters
Improper destruction of electrostatic memory devices could allow data recovery, exposing sensitive information and causing financial loss.
Operational notes
Verify furnaces/incinerators and grinders/disintegrators are used correctly and document destruction to ensure electrostatic memory devices cannot be recovered.
Implementation tips
- IT team should identify all electrostatic memory devices needing destruction. Create an inventory list and schedule regular checks to ensure all such devices are accounted for before they are destroyed safely.
- Procurement team should engage a reputable data destruction service. Research and select a service provider that offers furnace/incinerator, hammer mill, disintegrator, or grinder/sander options for destroying memory devices.
- Office managers should ensure staff are trained on data disposal policies. Conduct training sessions that explain the importance of proper disposal and the steps to report unused devices to the IT team.
- Facilities staff should set up secure collection points for old devices. Place locked bins in designated areas where employees can drop off outdated devices awaiting destruction.
- Company leaders should document the destruction process. Work with the IT team to ensure there is a written policy outlining how and when devices are destroyed, and retain records of each destruction event.
Audit / evidence tips
-
Askthe inventory list of electrostatic memory devices
Good: The list is comprehensive, up-to-date, and includes destruction dates
-
GoodContracts clearly outline methods compliant with ISM standards
-
Asktraining records for staff involved in media destruction
GoodRecords show regular training sessions with comprehensive coverage
-
GoodPolicy is clear, includes all necessary steps and roles, and is regularly reviewed
-
Askdestruction certificates or reports. Check the documents for details of destroyed items and methods used
GoodCertificates detail the devices destroyed, date, and methods used, confirming compliance with policy
Cross-framework mappings
How ISM-1722 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 7.10 | ISM-1722 requires electrostatic memory devices to be physically destroyed using specific methods (e.g | |
| Annex A 8.10 | ISM-1722 addresses secure destruction of electrostatic memory devices via physical destruction techniques to ensure information cannot be... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.