When to use this
Use this checklist when verifying deletion of information from cloud services, backups, archives, snapshots, or replicated storage.
Related controls
- A.8.10 Information Deletion
- A.5.23 Information Security for Use of Cloud Services
- A.5.30 ICT Readiness for Business Continuity
Checklist
- Cloud service or backup location identified.
- Retention rule confirmed.
- Deletion process is provider/system-supported.
- Replicas, snapshots, archives, and logs considered.
- Backup expiry behavior confirmed.
- Legal hold or records retention conflicts checked.
- Deletion evidence captured.
- Residual copies or delayed deletion documented.
- Owner verified completion.
Review table
| System/service | Data set | Retention rule | Deletion method | Residual copy risk | Evidence | Owner |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Technological controls
- Cloud
- Backup
- Information deletion
Note Metadata
Aliases: Backup Deletion Checklist
Source: 90 Templates/Cloud and Backup Deletion Checklist.md
Related Notes
- ISO 27001 A.5.23 - Information Security for Use of Cloud Services
- ISO 27001 A.5.30 - ICT Readiness for Business Continuity
- A.8.10 Audit Evidence Pack
- ISO 27001 A.8.10 - Information Deletion
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.10 Audit Checklist
- Templates MOC