ISO 27001:2022 Annex A 8.10 Checklist Guide •

ISO 27001:2022 Annex A 8.10 Checklist Guide

See how ISMS.online can help your business

See it in action
By Max Edwards | Updated 15 August 2024

Utilising a checklist for A.8.10 Information Deletion ensures thorough and consistent implementation of secure data deletion practices, enhancing organisational compliance with ISO 27001:2022 and protecting against data breaches. This systematic approach fosters accountability, transparency, and continuous improvement in information security management.

Jump to topic

ISO 27001 A.8.10 Information Deletion Checklist

A.8.10 Information Deletion in ISO 27001:2022 is a pivotal control focusing on the secure and complete removal of information that is no longer needed. This control is essential for preventing unauthorised access to sensitive data, mitigating the risk of data breaches, and ensuring compliance with regulatory obligations.

Implementing A.8.10 requires a structured approach, encompassing detailed policies, advanced deletion methods, thorough verification, clear responsibility assignment, and regular reviews.


Get an 81% headstart

We've done the hard work for you, giving you an 81% Headstart from the moment you log on.
All you have to do is fill in the blanks.

Book a demo

Why Should You Comply With Annex A.8.10? Key Aspects and Common Challenges

Data Retention Policy

    Challenge: Crafting a comprehensive data retention policy that aligns with diverse legal, regulatory, and business requirements across various data types and jurisdictions. Inconsistent policies can lead to accidental retention or premature deletion of critical data.

  • Solution: Utilise ISMS.online’s Policy Templates and Pack to establish robust data retention and deletion policies. These templates ensure comprehensive coverage, and Version Control and Document Access features maintain up-to-date policies accessible to all relevant stakeholders, ensuring compliance and accountability.
  • Related ISO 27001 Clauses: Context of the Organisation, Leadership, and Planning

Secure Deletion Methods

    Challenge: Implementing secure deletion methods that are effective across various storage media, including HDDs, SSDs, and cloud services. Ensuring that deleted data is irretrievable poses a technical challenge, especially with advanced data recovery techniques.

  • Solution: ISMS.online’s Asset Management features, such as the Asset Registry and Labelling System, assist in identifying and classifying information assets. This enables the selection of appropriate deletion methods, such as data wiping, degaussing, and physical destruction, ensuring thorough and secure data disposal.
  • Related ISO 27001 Clauses: Support, Operation, and Performance Evaluation

Verification and Documentation

    Challenge: Ensuring comprehensive verification and documentation of information deletion processes, which is critical for audit readiness and compliance verification.

  • Solution: The Incident Tracker in ISMS.online’s Incident Management module provides detailed documentation of the deletion process, including who authorised and executed the deletion, the methods used, and the verification steps taken. This ensures that all actions are recorded and can be reviewed during audits, enhancing transparency and accountability.
  • Related ISO 27001 Clauses: Documented Information, Monitoring, Measurement, Analysis, and Evaluation

Responsibility Assignment

    Challenge: Clearly defining and communicating roles and responsibilities within the information deletion process to prevent gaps or unauthorised actions.

  • Solution: ISMS.online’s Policy Management facilitates clear role definitions and responsibilities. This includes specifying who is authorised to perform deletions, who verifies them, and who audits the processes, ensuring that all personnel are trained and aware of their duties.
  • Related ISO 27001 Clauses: Organisational Roles, Responsibilities, and Authorities, and Awareness

Periodic Review

    Challenge: Regularly reviewing and updating deletion procedures to adapt to new technological advancements, emerging security threats, and evolving regulatory landscapes.

  • Solution: ISMS.online’s Audit Management features, including Audit Templates and Documentation, support regular audits and reviews of deletion processes. The Compliance Management tools, such as the Regs Database and Alert System, ensure that the organisation stays informed about regulatory changes, enabling timely updates to policies and procedures.
  • Related ISO 27001 Clauses: Internal Audit, Management Review, and Continual Improvement


Compliance doesn't have to be complicated.

We've done the hard work for you, giving you an 81% Headstart from the moment you log on.
All you have to do is fill in the blanks.

Book a demo

ISMS.online Features for Demonstrating Compliance with A.8.10

  • Policy Management:

    • Policy Templates and Pack: Create comprehensive data retention and deletion policies, covering all necessary aspects and aligning with legal requirements.
    • Version Control and Document Access: Maintain up-to-date policies and ensure they are accessible to all stakeholders, supporting transparency and accountability.
  • Incident Management:

    • Incident Tracker: Record and manage all incidents related to data deletion, documenting each step to ensure proper handling and verification.
  • Asset Management:

    • Asset Registry and Labelling System: Track and classify information assets, ensuring appropriate deletion methods are applied and documented.
    • Monitoring and Access Control: Control access to data, ensuring that only authorised personnel can perform or verify deletions.
  • Audit Management:

    • Audit Templates and Documentation: Conduct regular audits to verify compliance with information deletion procedures and document findings.
    • Corrective Actions: Implement and track corrective actions to address any identified issues, ensuring continuous improvement.
  • Compliance Management:

    • Regs Database and Alert System: Stay informed about changes in laws and regulations related to data retention and deletion.
    • Reporting and Training Modules: Provide training on secure deletion practices and generate compliance reports to demonstrate adherence to policies.

Detailed Annex A.8.10 Compliance Checklist

  • Data Retention Policy

    • Develop a comprehensive data retention policy covering all data types and retention periods.
    • Ensure the policy aligns with relevant legal, regulatory, and business requirements.
    • Regularly review and update the policy to reflect changes in laws, regulations, or business needs.
  • Secure Deletion Methods

    • Identify all information assets and classify them according to sensitivity and storage media type.
    • Implement secure deletion methods appropriate for each type of storage medium, such as data wiping, degaussing, or physical destruction.
    • Test deletion methods periodically to ensure they are effective and data cannot be recovered.
  • Verification and Documentation

    • Document all deletion processes, including the methods used, verification steps taken, and any issues encountered.
    • Maintain a log of who authorised and performed the deletions, with timestamps.
    • Regularly audit deletion records to ensure compliance with the policy and identify any areas for improvement.
  • Responsibility Assignment

    • Clearly define and assign roles and responsibilities for all aspects of the information deletion process.
    • Ensure all personnel involved are trained and aware of their responsibilities.
    • Provide ongoing training and updates as policies and procedures evolve.
  • Periodic Review

    • Schedule and conduct regular reviews of deletion procedures to ensure they remain effective and compliant.
    • Update procedures as needed to address new technologies, threats, or regulatory requirements.
    • Document and communicate any changes in procedures to all relevant stakeholders.

By addressing these common challenges with the comprehensive features offered by ISMS.online, a Chief Information Security Compliance Officer (CICSO) can ensure the secure and compliant deletion of information, protecting the organisation from potential data breaches and compliance issues. This detailed approach not only meets but exceeds the requirements of ISO 27001:2022, ensuring robust information security practices are in place.


Manage all your compliance in one place

ISMS.online supports over 100 standards
and regulations, giving you a single
platform for all your compliance needs.

Book a demo

Every Annex A Control Checklist Table

ISO 27001 Annex A.5 Control Checklist Table

ISO 27001 Control NumberISO 27001 Control Checklist
Annex A.5.1Policies for Information Security Checklist
Annex A.5.2Information Security Roles and Responsibilities Checklist
Annex A.5.3Segregation of Duties Checklist
Annex A.5.4Management Responsibilities Checklist
Annex A.5.5Contact With Authorities Checklist
Annex A.5.6Contact With Special Interest Groups Checklist
Annex A.5.7Threat Intelligence Checklist
Annex A.5.8Information Security in Project Management Checklist
Annex A.5.9Inventory of Information and Other Associated Assets Checklist
Annex A.5.10Acceptable Use of Information and Other Associated Assets Checklist
Annex A.5.11Return of Assets Checklist
Annex A.5.12Classification of Information Checklist
Annex A.5.13Labelling of Information Checklist
Annex A.5.14Information Transfer Checklist
Annex A.5.15Access Control Checklist
Annex A.5.16Identity Management Checklist
Annex A.5.17Authentication Information Checklist
Annex A.5.18Access Rights Checklist
Annex A.5.19Information Security in Supplier Relationships Checklist
Annex A.5.20Addressing Information Security Within Supplier Agreements Checklist
Annex A.5.21Managing Information Security in the ICT Supply Chain Checklist
Annex A.5.22Monitoring, Review and Change Management of Supplier Services Checklist
Annex A.5.23Information Security for Use of Cloud Services Checklist
Annex A.5.24Information Security Incident Management Planning and Preparation Checklist
Annex A.5.25Assessment and Decision on Information Security Events Checklist
Annex A.5.26Response to Information Security Incidents Checklist
Annex A.5.27Learning From Information Security Incidents Checklist
Annex A.5.28Collection of Evidence Checklist
Annex A.5.29Information Security During Disruption Checklist
Annex A.5.30ICT Readiness for Business Continuity Checklist
Annex A.5.31Legal, Statutory, Regulatory and Contractual Requirements Checklist
Annex A.5.32Intellectual Property Rights Checklist
Annex A.5.33Protection of Records Checklist
Annex A.5.34Privacy and Protection of PII Checklist
Annex A.5.35Independent Review of Information Security Checklist
Annex A.5.36Compliance With Policies, Rules, and Standards for Information Security Checklist
Annex A.5.37Documented Operating Procedures Checklist


ISO 27001 Annex A.6 Control Checklist Table

ISO 27001 Control NumberISO 27001 Control Checklist
Annex A.6.1Screening Checklist
Annex A.6.2Terms and Conditions of Employment Checklist
Annex A.6.3Information Security Awareness, Education and Training Checklist
Annex A.6.4Disciplinary Process Checklist
Annex A.6.5Responsibilities After Termination or Change of Employment Checklist
Annex A.6.6Confidentiality or Non-Disclosure Agreements Checklist
Annex A.6.7Remote Working Checklist
Annex A.6.8Information Security Event Reporting Checklist


ISO 27001 Annex A.7 Control Checklist Table

ISO 27001 Control NumberISO 27001 Control Checklist
Annex A.7.1Physical Security Perimeters Checklist
Annex A.7.2Physical Entry Checklist
Annex A.7.3Securing Offices, Rooms, and Facilities Checklist
Annex A.7.4Physical Security Monitoring Checklist
Annex A.7.5Protecting Against Physical and Environmental Threats Checklist
Annex A.7.6Working in Secure Areas Checklist
Annex A.7.7Clear Desk and Clear Screen Checklist
Annex A.7.8Equipment Siting and Protection Checklist
Annex A.7.9Security of Assets Off-Premises Checklist
Annex A.7.10Storage Media Checklist
Annex A.7.11Supporting Utilities Checklist
Annex A.7.12Cabling Security Checklist
Annex A.7.13Equipment Maintenance Checklist
Annex A.7.14Secure Disposal or Re-Use of Equipment Checklist


ISO 27001 Annex A.8 Control Checklist Table

ISO 27001 Control NumberISO 27001 Control Checklist
Annex A.8.1User Endpoint Devices Checklist
Annex A.8.2Privileged Access Rights Checklist
Annex A.8.3Information Access Restriction Checklist
Annex A.8.4Access to Source Code Checklist
Annex A.8.5Secure Authentication Checklist
Annex A.8.6Capacity Management Checklist
Annex A.8.7Protection Against Malware Checklist
Annex A.8.8Management of Technical Vulnerabilities Checklist
Annex A.8.9Configuration Management Checklist
Annex A.8.10Information Deletion Checklist
Annex A.8.11Data Masking Checklist
Annex A.8.12Data Leakage Prevention Checklist
Annex A.8.13Information Backup Checklist
Annex A.8.14Redundancy of Information Processing Facilities Checklist
Annex A.8.15Logging Checklist
Annex A.8.16Monitoring Activities Checklist
Annex A.8.17Clock Synchronisation Checklist
Annex A.8.18Use of Privileged Utility Programs Checklist
Annex A.8.19Installation of Software on Operational Systems Checklist
Annex A.8.20Networks Security Checklist
Annex A.8.21Security of Network Services Checklist
Annex A.8.22Segregation of Networks Checklist
Annex A.8.23Web Filtering Checklist
Annex A.8.24Use of Cryptography Checklist
Annex A.8.25Secure Development Life Cycle Checklist
Annex A.8.26Application Security Requirements Checklist
Annex A.8.27Secure System Architecture and Engineering Principles Checklist
Annex A.8.28Secure Coding Checklist
Annex A.8.29Security Testing in Development and Acceptance Checklist
Annex A.8.30Outsourced Development Checklist
Annex A.8.31Separation of Development, Test and Production Environments Checklist
Annex A.8.32Change Management Checklist
Annex A.8.33Test Information Checklist
Annex A.8.34Protection of Information Systems During Audit Testing Checklist


How ISMS.online Help With A.8.10

Ready to elevate your information security practices to the next level?

Discover how ISMS.online can streamline your compliance with ISO 27001:2022, including the critical A.8.10 Information Deletion control. Our comprehensive platform offers everything you need to implement and manage secure deletion processes, ensuring your organisation remains compliant and protected against data breaches.

Take the first step towards robust information security management today!

Contact ISMS.online to schedule a personalised demo and see how our features can transform your compliance efforts. Our experts are ready to guide you through the platform and answer any questions you may have. Secure your data, streamline your compliance, and empower your team with ISMS.online.

complete compliance solution

Want to explore?
Start your free trial.

Sign up for your free trial today and get hands on with all the compliance features that ISMS.online has to offer

Find out more

Explore ISMS.online's platform with a self-guided tour - Start Now