Methods for Destroying Magnetic Floppy Disks
Magnetic floppy disks should be destroyed by burning, grinding, degaussing, or cutting to prevent data recovery.
Plain language
This control is about making sure old magnetic floppy disks are completely destroyed so no one can access the data on them. If this isn't done, sensitive information could be stolen, leading to privacy breaches or financial loss.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Magnetic floppy disks are destroyed using a furnace/incinerator, hammer mill, disintegrator, degausser or by cutting.
Why it matters
If magnetic floppy disks are not destroyed (e.g., degaussed, incinerated or cut), recoverable data may be extracted, causing a breach and reputational and financial harm.
Operational notes
Use only approved floppy disk destruction methods (incinerator/furnace, hammer mill, disintegrator, degausser or cutting) and record chain-of-custody and completion.
Implementation tips
- Office manager should organise the scanning of office storage to identify and collect any old floppy disks lying around. This can be done by setting a day when all staff bring in any old disks they find at their desks or in storage.
- IT team should assess the gathered floppy disks to determine the best method for destruction based on the volume and available resources. This might involve researching local services that can provide certified destruction services.
- Office manager should engage a professional service that specialises in secure media destruction. Contact a few vendors to compare prices and ensure they offer certified destruction methods like burning or grinding.
- Procurement team should purchase or hire equipment if professional services are not an option. This could be a high-quality shredder that can destroy floppy disks or a strong degaussing tool.
- HR should inform all staff about the data destruction policy and the reasons behind it, emphasising the importance of protecting sensitive data even from outdated media like floppy disks.
Audit / evidence tips
-
Askthe media destruction policy document
Goodpolicy will clearly specify approved destruction methods and roles responsible
-
Goodcertificate will include all these details, proving data was securely destroyed
-
Askstaff involved in the destruction process to describe how they identified the disks and chose a destruction method
Goodwill show awareness of the policy and an understanding of destruction methods used
-
Askrecords of communications or trainings provided to staff about data destruction policies. Review these records for evidence that staff are informed and reminded regularly about media destruction practices
Goodoutcome will show periodic training sessions or reminders
Cross-framework mappings
How ISM-1723 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 7.10 | ISM-1723 mandates secure end-of-life handling for one specific removable medium type by specifying acceptable destruction methods for mag... | |
| Annex A 8.10 | ISM-1723 addresses preventing information recovery by requiring physical destruction of magnetic floppy disks using specific approved met... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.