Information security
-
Understand the information security lifecycle
- Understand what information and ICT systems you need to protect
- Assess the risks to your information security
- Design fit-for-purpose information security measures
- Implement your information security measures
- Validate your security measures
- Operate and maintain to stay secure
- Review your security measures
- Retire information securely
INF036
Retire information securely
When your information and supporting ICT systems are no longer required, they need to be archived, destroyed, repurposed, or disposed of securely.
The New Zealand Information Security Manual (NZISM) offers advice and controls for managing information and systems that have reached the end of their lifecycle.
Consider these questions:
- How will you declassify your information and equipment when it no longer needs to be protectively marked?
- How will you dispose of sensitive information and related equipment?
- Do you need to check with the original author?
- Do you have information stored in the cloud that needs to be archived or disposed of?
Make sure you take into account relevant legislation, the requirements in the New Zealand Information Security Manual, and best practice standards.
Supporting documents and information
- NZISM: Product sanitation and disposal
- NZISM: Media & IT equipment management, decommissioning and disposal
- Key obligations under the Public Records Act 2005 (PDF, 121KB) — Archives NZ
- Records Toolkit — guidance in information and records management — Archives NZ
- GCDO: Cloud Services — digital.govt.nz
- Retire information and assets securely
Page last modified: 23/03/2023