"Chad Fernandez" <[EMAIL PROTECTED]> wrote:
> What do you mean by verification and proof? Verification and proof that
> any particular drive has been wiped destroyed etc., as in hard evidence,
> or just a record of a particular procedure that was followed?
Actually, legally speaking, "proof" is not a good choice of words, but
that's how the client put it in fact. He can show the auditors that he has a
procedure, he can describe that procedure, but he can't verify (or in his
words, "prove it") without showing the results or something that confirms
them.
> If it is
> anything like the QS/ISO audits that they do at work, all you have to do
> is have a particular process/procedure in place with documentation.
> That doesn't really provide proof,
True, but again they need to have something that can be verified. They can
look at a device and verify it's not usable if it's been whacked.
> However. Mind you, I'm not
> suggesting that documentation should exist on drives that didn't follow
> the proper procedure, I'm saying that the procedure should be changed,
> so that the drives can be still used afterwards. If the the
> documentation exists for the given procedure and drive, isn't that
> compliance with the law?
Oh definitely. But the problem is the TIME it takes, and the manpower,
dollars etc. Either wiping properly or destruction will comply. Sadly,
they're in the position of having to save money, not necessarily do the
"right" thing.
- Bob
To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html
