Uses logical techniques to overwrite data in user-addressable locations; protects against simple recovery tools.
The standard, titled "Information technology — Security techniques — Storage security," provides a comprehensive technical framework for securing data storage systems throughout their entire lifecycle. It was officially updated in early 2024, replacing the previous 2015 version with more stringent requirements, particularly regarding media sanitization and cloud storage security. Executive Summary: ISO/IEC 27040:2024 iso iec 27040 pdf
: Identification of common threats such as unauthorized access, data leakage, and physical theft of storage media. Design & Implementation The standard is part of the ISO/IEC 27000
The 2024 update transformed the document from a "best practice guide" into a more rigorous standard with enforceable requirements. iso iec 27040 pdf
ISO/IEC 27040 is an international standard that provides guidelines for cloud security. The standard is part of the ISO/IEC 27000 series, which focuses on information security management systems (ISMS). ISO/IEC 27040 provides a framework for organizations to ensure the security of their cloud computing environments.
Searching for a free, unauthorized copy of the standard might be tempting, but there are several compelling reasons to acquire the official from a recognized standards body: