Secure Destruction. i. NHS data is subject to legal retention periods and should not be destroyed unless the Contractor has received specific instruction to do so from the Customer. Where data has been identified for disposal: a) The Contractor shall ensure that NHS information held in paper form (regardless of whether originally provided by the Customer or printed from the Contractor's IT systems) is destroyed using a cross cut shredder or subcontracted to a confidential waste company that complies with European Standard EN15713. b) The Contractor shall ensure that electronic storage media used to hold or process NHS Information is destroyed or overwritten to current CESG standards as defined at ▇▇▇.▇▇▇▇.▇▇▇.▇▇ c) In the event of any bad or unusable sectors that cannot be overwritten, the Contractor shall ensure complete and irretrievable destruction of the media itself. d) The Contractor shall provide the Customer with copies of all relevant overwriting verification reports and/or certificates of secure destruction of NHS information at the conclusion of the contract.
Appears in 2 contracts
Sources: Data Processing Agreement, Data Processing Agreement