Data Destruction & Information Security Policy

    Last Updated: 24 April 2025 | Next Review Due: 24 April 2026

    1) Purpose

    To protect client and company data through secure handling, erasure, and destruction of data-bearing assets.

    2) Scope

    Applies to all devices handled by SmartTechHub and partners from collection to final disposition.

    3) Standards

    All sanitisation and destruction is carried out to HMG Infosec Standard 5 (Higher) and NIST 800-88 Rev.1.

    4) Chain of Custody

    • Every asset recorded on receipt.
    • Controlled storage with restricted access.
    • Transfers signed and logged end-to-end.

    5) Erasure Process

    • Multi-pass overwrite with verification logs.
    • Non-wipeable media physically destroyed.
    • Certificates of Destruction issued to clients.

    6) Information Security Controls

    • Encryption at rest and in transit.
    • MFA, endpoint protection, and patching.
    • Role-based access and staff vetting.
    • Annual security training and NDA enforcement.

    7) Incident Response

    Suspected breaches are reported to the DPO within 24 hours and managed per the GDPR Incident Procedure.

    Security Questions?

    Contact our Data Protection Officer for security-related inquiries.