WDOCD: Secure Tape Destruction standard
For our VERY FIRST installment of “What Do Other Companies Do” (WDOCD), Randy Smith has asked the following: “What specifications do other companies require for Secure Tape Destruction (especially for older tapes that could have pre-encryption account number data). To my understanding PCI does not provide a specification. What standard seems to be “secure enough” for older tapes potentially with unencrypted data? Do you feel that standard is OK to relax when all the account number data is encrypted?” Excellent question Randy! Virtually every company we work with has some sort of destruction policy for media, and it varies from using a bulk eraser, to pulling out the DeWalt and drilling a hole right through it (yes, one company we ...
Continue Reading