![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://lemmy.world/pictrs/image/8286e071-7449-4413-a084-1eb5242e2cf4.png)
1·
2 months agoIt certainly is. ISO 27001 is a framework, not very prescriptive at all. Basically an auditor will ask “how do you ensure data isn’t leaving your facility in the form of discarded hardware?” If you say “here’s a link to our media destruction policy. It says all drives are wiped according to NIST 800-88 cryptographic erasure. If that is not possible or not applicable, the drive is destroyed. Here’s our log of decomissioned equipment” chances are very good they’ll say “OK great let’s move on to the next one” with only minor followup questions.
I hate how people mix up correlation and causation with JC Penney and it’s couponless trial. The company was ALREADY very much on a fast track to bankruptcy when it decided to try removing coupons - that’s why they tried it. It didn’t make enough of a difference to pull them out of the nosedive they were in.
It’s not that not doing coupons doesn’t work, it just didn’t save a failing business.