Contractors must apply the appropriate destructions methods to paper-based and electronic classified information.
Additionally contractors must obtain written approval from the ATO data owner prior to destruction.
Paper-based resources
Careless disposal of information increases the likelihood of unauthorised disclosure. Contractors must ensure waste ATO information is destroyed in accordance with government standards, which requires mutilation to the extent that it would be impossible to recognise or use the content. Approved methods include:
- shredding
- wet pulping
- burning
- pulverisation
- disintegration.
Destruction of our information may occur through:0
- an ATO-approved classified waster destruction facility
- the contractor's premises using an ATO-approved destruction method
- return of the classified waste to an ATO site.
Contractors proposing to destroy ATO information either at their premises or using a commercial service provider must first consult ATO Physical Security Management.
ATO information pending destruction must be safeguarded in an appropriately secure environment. Recycling of waste ATO information is only permitted for material which has already been destroyed by approved methods.
The ATO and Australian Archives have records disposal schedules which detail retention periods and other requirements relating to particular types of documents. These requirements must be adhered to when preparing to destroy ATO information. When in doubt, you should contact your contract manager.
Electronic media and equipment
Information can still be retrieved from IT equipment and electronic storage media which has either failed or outlived its purpose. It is essential for computing media which has carried ATO information to be disposed of appropriately. Contractors must provide destruction plans for electronic media and equipment before starting services and these must be endorsed by ATO IT Security, Contractors must develop asset registers which include a unique register for the media; if the media is in storage or in use, where it is in use, and if the media has been sanitised or destroyed (if used to store or communicate ATO information)