Your firm’s Cyber Program or Written Information Security Policy (WISP) should include a procedure for decommissioning devices when they will no longer be used.
Regulators are requesting that firms formally offboard, track and retain records of devices that were used to access or store private data. For example, one of the most recent FCI client SEC audits included a request for a list of computers that were decommissioned in the last year and evidence of their proper destruction.
Financial Services Firms Need to Consider the SEC Cybersecurity and Resiliency Observations.
There are two options to properly decommission a computer: destroy or repurpose.
* You can destroy the hard disk yourself and evidence the process with pictures or hire a third-party vendor who will provide a certificate of destruction.
* You can securely repurpose an encrypted disk by using the operating system feature to perform a low-level format.
Remember to record decommissioning with evidence in your cyber folder and remove the computer from your asset inventory list.
Managed Cybersecurity Service is the best solution to safeguard private data and meet regulatory requirements. Enforcement of cyber settings, tools, and policies ensures the security of devices and the private data they contain.
For more information about Managed Endpoint Protection, please visit: https://fcicyber.com/managed-endpoint-protection/
