What is the output of Ensure Information Preservation in the disposal phase of the SDLC?

In the disposal phase of the Software Development Life Cycle (SDLC), the focus on "Ensure Information Preservation" emphasizes the need for safeguarding sensitive information during the disposal process. The correct output in this context is media sanitization records, which document how storage media containing sensitive information has been securely erased, destroyed, or otherwise rendered unrecoverable.

Proper media sanitization is critical to prevent unauthorized access to data, ensuring that all information has been effectively and irreversibly removed from the devices being disposed of. These records are essential not only for compliance with regulatory requirements but also for demonstrating due diligence in information security practices.

While disposition records for hardware and software, documentation verifying system closure, and an index of information, location, and retention attributes each serve important roles in the broader context of data management and system decommissioning, they do not specifically address the core intent of safeguarding information during disposal. Media sanitization records specifically focus on the procedures and verification processes that confirm no residual information remains, directly aligning with the goal of ensuring information preservation.