Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

R202. Delete sensitive information

This document contains the details of the security requirements related to the definition and management of physical devices in the organization. This requirement establishes the importance of defining the sensitive information treatment in different scenarios and events.


The device must delete all sensitive information there contained in case of opening.


  1. HIPAA Security Rules 164.310(d)(2)(i): Disposal: Implement policies and procedures to address the final disposition of electronic protected health information and/or the hardware or electronic media on which it is stored.

  2. OWASP-ASVS v3.1-9.6 Verify that there is a method to remove each type of sensitive data from the application at the end of the required retention policy.

Service status - Terms of Use