Certified in Risk and Information Systems Control (CRISC) — Question 1403
An organization uses a vendor to destroy hard drives. Which of the following would BEST reduce the risk of data leakage?
Answer options
- A. Implement an encryption policy for the hard drives
- B. Require the vendor to degauss the hard drives
- C. Use an accredited vendor to dispose of the hard drives
- D. Require confirmation of destruction from the IT manager
Correct answer: C
Explanation
Using an accredited vendor for hard drive disposal ensures that the vendor follows recognized standards and practices for data destruction, which significantly reduces the risk of data leakage. While encryption policies and degaussing can help, they do not guarantee the complete destruction of data. Confirmation from the IT manager, while useful, does not replace the need for proper vendor accreditation.