Understand subprocessor offboarding
Microsoft's subprocessor engagement lifecycle includes provisions for subprocessor offboarding to protect Customer and Personal Data from unauthorized disclosure, modification, or loss. At the expiration or termination of in-scope subprocessor services, or upon request by Microsoft, subprocessors must either return all customer information (including copies) to Microsoft or permanently and securely destroy all customer information (including copies). Microsoft selects the appropriate option based on the nature of the data. When requested, all data must be returned to Microsoft within seven days.
Requirements for data destruction
When customer information must be destroyed, Microsoft requires subprocessors to comply with the following guidelines to ensure the data is securely destroyed to prevent unauthorized disclosure of customer information during or after information disposal. All digital media must be destroyed by incineration or shredding in compliance with acceptable IT Asset Disposition (ITAD) standards to effectively destroy the media in such a way that data cannot be extracted or replicated. Certification standards and compliance for secure destruction include NAID, OHSAS 18001:2007, e-Stewards Electronics Recycler, TAPA FSR-Class A, ISO 14001:2004, ISO 9001:2008, ISO 27001:2013, NIST, and DOD.
For printed materials containing customer information:
- All materials must be treated as Highly Confidential.
- All materials must be stored in secure shred bins or secure rooms prior to shredding.
- Shredding must be witnessed and documented by an onsite member of the provider's security team.
- Shredding must use certified shred machines that adhere to the NSA standard. As part of this standard, shredders must be capable of shredding to a level that protects against industrial espionage and allows shredded material to be recycled.