Methods for Destroying Semiconductor Memory
Specialised equipment like a furnace or hammer mill is used to destroy semiconductor memory to ensure security.
Plain language
This control is about making sure that when you don’t need your computer memory chips anymore, they’re completely destroyed. If you don’t do this properly, confidential data could be recovered by someone else later, posing a risk to your privacy and security.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Semiconductor memory is destroyed using a furnace/incinerator, hammer mill or disintegrator.
Why it matters
Failure to physically destroy semiconductor memory can allow data recovery from chips, leading to leakage of sensitive information and compromise.
Operational notes
Regularly verify furnaces/incinerators, hammer mills or disintegrators meet required destruction outcomes, and record device IDs and destruction logs for audit.
Implementation tips
- IT team members should gather old or broken semiconductor memory from computers or devices that are no longer in use. Collect them in a secure location to prevent loss or theft before destruction.
- The IT manager should choose an appropriate method for destruction based on available resources. This might involve finding a local company with a furnace that can securely incinerate the memory chips.
- Procurement should ensure any third-party service providers used for destruction are reputable and follow security protocols, such as having necessary certifications. Check references and industry standards before making a decision.
- Facilities management should coordinate the physical transportation of semiconductor memory to the destruction site. Ensure the transport is secure by using a sealed and tracked container.
- Once the memory is destroyed, IT or an authorised third party should document the process with photos or a certificate. This documentation should include date and method of destruction for records.
Audit / evidence tips
- AskTransportation records of semiconductor memory: Request documents or logs showing how the memory was transported to the destruction site GoodIncludes secure transport logs with dates and responsible parties clearly listed
- AskContracts with destruction service providers: Request to see the contracts that outline agreements with external companies that destroy memory for you GoodShows a signed agreement that mentions adherence to current security standards
- AskCertificates or reports showing the destruction of memory GoodIncludes certificates that are specific and signed by the service provider
- AskTo see the procedure for memory destruction: Request the documented policy or procedure your organisation uses for this process GoodProvides a detailed, step-by-step procedure with defined roles
- AskIncident reports related to memory disposal: Request any records of security incidents connected to memory disposal issues GoodShows a low number of incidents with swift, documented responses
Cross-framework mappings
How ISM-1727 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 7.10 | ISM-1727 addresses secure end-of-life handling by mandating specific physical destruction methods for semiconductor memory | |
| Annex A 7.14 | ISM-1727 requires semiconductor memory to be physically destroyed using specialised destruction methods (e.g., furnace/incinerator, hamme... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.