nerdexam
(ISC)2

CISSP · Question #503

Which of the following is MOST critical in a contract in a contract for data disposal on a hard drive with a third party?

The correct answer is C. Amount of overwrites required. When contracting a third party for hard drive data disposal, specifying the number of overwrites ensures data is rendered unrecoverable to an agreed-upon security standard.

Submitted by rachelw· Mar 5, 2026Asset Security

Question

Which of the following is MOST critical in a contract in a contract for data disposal on a hard drive with a third party?

Options

  • AAuthorized destruction times
  • BAllowed unallocated disk space
  • CAmount of overwrites required
  • DFrequency of recovered media

How the community answered

(34 responses)
  • A
    9% (3)
  • B
    12% (4)
  • C
    76% (26)
  • D
    3% (1)

Why each option

When contracting a third party for hard drive data disposal, specifying the number of overwrites ensures data is rendered unrecoverable to an agreed-upon security standard.

AAuthorized destruction times

Authorized destruction times relate to scheduling and logistics but do not directly ensure the thoroughness or security of the actual data destruction process.

BAllowed unallocated disk space

Unallocated disk space is a storage concept unrelated to the contractual requirements for secure data destruction methodology or verification.

CAmount of overwrites requiredCorrect

The number of overwrites required directly determines the effectiveness of data sanitization; standards like DoD 5220.22-M and NIST SP 800-88 specify overwrite passes to ensure data cannot be forensically recovered. Contractually defining this requirement holds the third party accountable to a specific, measurable destruction standard, protecting the organization from data breaches resulting from inadequate sanitization.

DFrequency of recovered media

Frequency of recovered media is not a standard contractual term for data disposal; it does not define how data is destroyed or verify that destruction meets a security baseline.

Concept tested: Secure data disposal standards and third-party contracts

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

Topics

#Data disposal#secure erasure#third-party contracts#asset sanitization

Community Discussion

No community discussion yet for this question.

Full CISSP Practice