Secure Deletion Policy
By adhering to this policy, Eververse ensures that sensitive data is securely erased or destroyed when no longer needed, protecting against unauthorized access and maintaining compliance with industry standards.
1. Purpose
The purpose of this Secure Deletion Policy is to establish guidelines and procedures for the secure deletion and destruction of sensitive data within Eververse. This policy ensures that when data is no longer required, it is securely erased or destroyed to prevent unauthorized access, in compliance with industry standards and regulatory requirements.
2. Scope
This policy applies to all systems, devices, cloud services, and storage media used by Eververse for storing sensitive data, including databases, cloud-hosted services, and other third-party systems or devices that store or process sensitive information.
This policy applies to all employees, contractors, and third parties who manage or interact with data within Eververse.
3. Secure Deletion Standards
Eververse adheres to the following standards for secure data deletion where possible (that is, where the option is made available to us by the service or device), as well as other industry-accepted standards depending on the media type:
3.1 DoD 5220.22-M (3-Pass Overwrite Standard)
- This standard requires overwriting the data three times: the first pass with a random character, the second pass with the complement of that character, and the third pass with another random character.
- This method is applied to data stored on traditional magnetic drives, and it ensures that data is securely erased and cannot be recovered by unauthorized parties.
3.2 Cryptographic Erasure (for Cloud Data)
- For data stored in our cloud services, Eververse prefers cryptographic erasure. This process involves securely deleting the encryption keys, rendering the data irrecoverable, as it can no longer be decrypted without the corresponding keys.
3.3 Physical Destruction (for Hardware)
- For hardware such as disks, SSDs, and other storage media that are decommissioned, Eververse uses physical destruction methods, including shredding or degaussing, to ensure that data is completely unrecoverable.
- External vendors handling physical destruction must provide certificates of destruction in accordance with the standards mentioned.
4. Deletion Procedures
4.1 Data Lifecycle Management
- Archiving: When data is no longer actively used but must be retained for legal or business purposes, it will be archived securely in compliance with data retention policies.
- Deletion: When data reaches the end of its lifecycle, it must be securely deleted using the appropriate method based on the storage medium.
4.2 Scheduled Deletion
- Regular audits are conducted to identify data that is no longer needed. Data identified for deletion is securely erased following the deletion schedule.
- For cloud-based systems, Eververse utilizes automation for scheduled secure deletion tasks based on pre-defined data retention periods.
4.3 On-Demand Deletion
- Upon request (e.g., following a customer request under GDPR or CCPA), sensitive data can be securely deleted from Eververse systems using the above-mentioned standards.
- Cryptographic erasure is the preferred method for cloud systems, ensuring immediate and complete data destruction.
4.4 Hardware Disposal
- When hardware (e.g., laptops, servers, storage devices) reaches the end of its useful life, it must be wiped using DoD 5220.22-M or equivalent standards.
- If wiping is not possible or deemed insufficient, physical destruction (e.g., shredding, degaussing) is performed by certified third-party vendors.
5. Monitoring and Evidence of Deletion
5.1 Logs and Audit Trails
- Eververse maintains logs of all secure deletion actions, including automated deletion processes and manual requests. These logs are reviewed regularly to ensure compliance with the policy.
- Audit trails of data deletion activities are generated and stored for auditing and legal compliance.
5.2 Vendor Management
- Any third-party vendors used for data destruction or hardware disposal should preferably provide evidence of compliance with secure deletion standards, including certificates of destruction for physical media.
6. Responsibilities
- Chief Information Security Officer (CISO): Responsible for overseeing secure deletion activities, ensuring compliance with this policy, and conducting regular reviews.
- IT and Security Teams: Implement secure deletion procedures, monitor for compliance, and manage third-party vendors involved in secure data destruction.
- All Employees: Ensure that they follow secure deletion procedures and report any issues related to data that has not been securely deleted.
7. Policy Review and Updates
This Secure Deletion Policy will be reviewed annually, or as necessary, to address changes in technology, regulatory requirements, or business needs.
8. Contact Information
For any questions or clarifications regarding this Secure Deletion Policy, please contact us.