AAISM and healthcare privacy regulations (HIPAA-like guidance within AAISM contexts) stress that documented destruction of sensitive data is required when decommissioning systems.
A certificate of destruction ensures:
• proof of lawful data disposal
• auditability
• regulatory compliance
• defensibility during inspections
Post-destruction risk assessments (A) are not primary compliance evidence. Backup tests (B) are operational tasks, not decommissioning proof. Policy updates (C) are future improvements.
[References: AAISM Study Guide – AI Decommissioning & Regulatory Compliance; Data Destruction Evidence., ============================================, ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit