# RISM16 Data Deletion Policy

## UCL Research Data Information Security Management System Data Deletion Policy

Document Name: RISM16-Data_Deletion_Policy.md

Classification: Public

Author: Tim Machin

Version: 1.1

Created: 05/02/2025

Last Review: 07/04/2025

Last Reviewed by: Preeti Matharu

Approved by: OMG

Approved date: 12/03/2025

Review Period: 3 Years

## 1. Document Overview

This Policy outlines the principles and procedures for securely deleting data in conformance with ISO 27001. It ensures that data is erased in a manner that protects confidentiality, integrity, and availability while complying with legal, regulatory, and contractual obligations.

## 2. Scope

This policy applies to all information systems and data within the scope of the Research Data ISMS.

## 3. Data Retention and Deletion Criteria

Data retention periods are determined by the UCL Data Retention Policy and any legislative or contractual obligation covering those data assets. Information Asset Owners and Administrators shall be responsible for monitoring such agreements and requesting secure deletion of data where required.

## 4. Secure Deletion Methods

At least one of the following "sanitisation" methods, as defined in NIST SP 800-88, shall be used for the secure deletion of digital data. The chosen method(s) should minimise the risk of recovery and will vary depending on the storage media.

- Clear (e.g. overwrite all user-addressable storage space with non-sensitive data)
- Purge (e.g. cryptographic erase)
- Destroy (e.g. physical destruction of disks)

## 5. Data Deletion Process (Research Study Data)

1. Request for Data Deletion: Initiated by the Information Asset Owner or Administrator of the Study.
2. Execution: Implement the appropriate deletion method.
3. Confirmation: Ensure the data is irreversibly deleted and cannot be reconstructed.

## 6. Data Deletion Process (Information System)

1. Raise a Change Request: Raised by an Environment Administrator.
2. Authorisation: Approved by an Environment Owner.
3. Execution: Implement the appropriate deletion method.
4. Confirmation: Ensure the data is irreversibly deleted and cannot be reconstructed.

## 7. Storage Media Destruction

Where other methods of data deletion are not possible and a risk of disclosure remains, the Environment Owner may require that the physical media be destroyed. The destruction process should be documented and approved by the Environment Owner. Destroyed media should be recorded (including serial numbers, date of destruction, etc.) and this record stored with any relevant certificate of destruction. Media awaiting destruction shall be stored with the same level of physical security as the live Environment, and disks shall be securely transported to the data destruction location. Third parties engaged to destroy records or equipment should be certified to the NCSC Assured Service CAS Service Requirement Sanitisation, and contracts or other written confirmation with such third parties must include the requirement to have appropriate security measures and the facility to allow audit by the organisation.

## 8. Exceptions & Special Cases

Where data assets are stored in breach of contract or legal obligations, deletions may be completed without the express permission of the Information Asset Owner. Such data deletions require the approval of the Operational Management Group in agreement with the Data Protection Office.

## 9. Records

A formal record of data deletion shall be maintained. This shall include a record of the process followed, the requesters, the approvers, a chain of custody, and the serial numbers of any physical assets.