p43.md

SOC2 - P4.3

The entity securely disposes of personal information to meet the entity’s objectives related to privacy

Captures, Identifies, and Flags Requests for Deletion

Requests for deletion of personal information are captured, and information related to the requests is identified and flagged for destruction to meet the entity’s objectives related to privacy

Disposes of, Destroys, and Redacts Personal Information

Personal information no longer retained is anonymized, disposed of, or destroyed in a manner that prevents loss, theft, misuse, or unauthorized access

Destroys Personal Information

Policies and procedures are implemented to erase or otherwise destroy personal information that has been identified for destruction.

Mapped SCF controls

• DCH-09.3 - Sanitization of Personal Data (PD)
• DCH-21 - Information Disposal
• PRI-05 - Personal Data Retention & Disposal