
What does control A.1.4.7 require?

The organisation shall ensure that temporary files created as a result of the processing of PII are disposed of (e.g. erased or destroyed) following documented procedures within a specified, documented period.

This control sits within the PII minimization objective (A.1.4) and targets a specific, often neglected category of data: the temporary files, caches, logs, exports and intermediate outputs that systems create during normal processing. These files frequently contain full copies of PII and can persist long after the processing that created them has completed.

What does the implementation guidance say?

Annex B (section B.1.4.7) provides the following guidance:

  • Identify where temporary files are created — Map out all locations where temporary files containing PII may be generated, including system caches, application logs, print spools, temporary databases, data export files, staging areas and working copies
  • Define maximum retention periods — For each type of temporary file, define the maximum time it should exist before disposal
  • Implement automated disposal — Where possible, use automated mechanisms (scheduled deletion scripts, cache expiry policies, log rotation) to ensure temporary files are removed without relying on manual action
  • Verify disposal — Confirm that disposal has actually occurred, particularly for manual processes where files may be overlooked
  • See also A.1.4.2: Limit Collection for related requirements
  • See also A.1.4.4: Accuracy and Quality for related requirements

The practical challenge is that temporary files are created by systems, not by people. Application servers, databases, email systems, reporting tools and even office software generate temporary files as part of normal operation. The organisation needs to understand its technical landscape well enough to identify where PII may appear in temporary form.
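The guidance above (identify locations, define a maximum period per file type, automate disposal, verify it happened) is easiest to reason about as a small scheduled job driven by the inventory itself. The script below is an added illustration written for this page; it is not code from the standard or from ISMS.online. The rule table, the directory names, the sample export file and the fixed clock are all constructed. It shows the parts a practitioner usually gets wrong: scoping deletion to the inventoried directory so a planted symlink cannot turn the cleaner into a tool for deleting a primary store, a verify-only mode that reports overdue files without removing anything (the check to run after a manual disposal step), and a JSON evidence line per run.

```python
"""Policy-driven sweep of temporary files that contain PII, with the evidence
record an auditor asks for (what was removed, what is overdue and still present).

Added illustration for A.1.4.7; not code from the standard or from ISMS.online.
The rule table, directories, file names and the fixed clock are all constructed."""
import fnmatch
import json
import os
import shutil
import tempfile
import time
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RetentionRule:
    """One row of the temporary-file inventory: where a category of file is
    created and the documented maximum period it may exist."""
    name: str            # category from the inventory, e.g. "crm-exports"
    root: str            # directory where this category is generated
    max_age_s: int       # documented maximum retention period, in seconds
    pattern: str = "*"   # file-name glob; other files under root are out of scope


@dataclass
class SweepReport:
    deleted: list = field(default_factory=list)  # paths removed in this run
    overdue: list = field(default_factory=list)  # past retention but still present
    kept: int = 0                                # in scope and within retention


def _in_scope(root_real: str, path: str) -> bool:
    """Refuse to touch anything that resolves outside the inventoried root.
    os.walk(followlinks=False) already skips symlinked directories; this also
    rejects a symlinked file (or a bind mount) that points at a primary store."""
    if os.path.islink(path):
        return False
    return os.path.commonpath([root_real, os.path.realpath(path)]) == root_real


def sweep(rules, now=None, verify_only=False) -> SweepReport:
    """Delete in-scope files older than their rule's max_age_s. With
    verify_only=True nothing is removed; every overdue file is reported instead."""
    now = time.time() if now is None else now
    report = SweepReport()
    for rule in rules:
        root_real = os.path.realpath(rule.root)
        for dirpath, _dirs, files in os.walk(root_real, followlinks=False):
            for name in files:
                if not fnmatch.fnmatch(name, rule.pattern):
                    continue
                path = os.path.join(dirpath, name)
                if not _in_scope(root_real, path):
                    continue
                try:
                    age = now - os.lstat(path).st_mtime
                except FileNotFoundError:
                    continue  # the application removed it between listing and stat
                if age <= rule.max_age_s:
                    report.kept += 1
                elif verify_only:
                    report.overdue.append(path)
                else:
                    try:
                        os.remove(path)
                        report.deleted.append(path)
                    except OSError:
                        report.overdue.append(path)  # still present: a finding
    return report


def evidence_record(report: SweepReport, now: float) -> str:
    """One JSON line for the disposal log; overdue files are listed in full
    because each one is a deviation from the documented retention period."""
    return json.dumps({"ts": int(now), "deleted_count": len(report.deleted),
                       "kept_count": report.kept, "overdue": sorted(report.overdue)},
                      sort_keys=True)


def demo():
    """Constructed fixture: a CRM export area (24 h limit, CSV only), a print
    spool (2 h limit) and a 'production' directory that must never be touched,
    even though a symlink inside the export area points at it."""
    base = tempfile.mkdtemp(prefix="a147-")
    exports, spool, prod = (os.path.join(base, d) for d in ("exports", "spool", "production"))
    for d in (exports, spool, prod):
        os.makedirs(d)
    now = 1_700_000_000  # fixed clock so the result is deterministic

    def make(path, age_s):
        with open(path, "w") as fh:
            fh.write("name,email\nA. Person,a.person@example.com\n")  # constructed PII
        os.utime(path, (now - age_s, now - age_s))

    make(os.path.join(exports, "contacts-old.csv"), 3 * 86400)  # overdue
    make(os.path.join(exports, "contacts-new.csv"), 600)        # within 24 h
    make(os.path.join(exports, "notes.txt"), 30 * 86400)        # not *.csv: out of scope
    make(os.path.join(spool, "job1.ps"), 5 * 3600)              # overdue
    make(os.path.join(prod, "customers.db"), 30 * 86400)        # primary store, not a temp file
    os.symlink(os.path.join(prod, "customers.db"), os.path.join(exports, "planted.csv"))

    rules = [RetentionRule("crm-exports", exports, 24 * 3600, "*.csv"),
             RetentionRule("print-spool", spool, 2 * 3600)]
    before = sweep(rules, now=now, verify_only=True)  # what a verification run flags
    run = sweep(rules, now=now)                        # the scheduled disposal
    after = sweep(rules, now=now, verify_only=True)    # confirm disposal happened
    result = {
        "flagged_before": sorted(os.path.basename(p) for p in before.overdue),
        "deleted": sorted(os.path.basename(p) for p in run.deleted),
        "overdue_after": after.overdue,
        "kept_after": after.kept,
        "production_intact": os.path.exists(os.path.join(prod, "customers.db")),
        "evidence": evidence_record(run, now),
    }
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice `sweep()` runs from a cron job or systemd timer and appends the evidence line to a retained disposal log, while a `verify_only=True` run after any manual disposal step turns overlooked files into findings rather than silent retention. One caveat the control's wording ("erased or destroyed") makes relevant: `os.remove` only unlinks, and in-place overwriting tools are not reliable on SSDs or on journaling and copy-on-write filesystems, so the defensible route is to keep temporary locations on an encrypted volume (or a memory-backed tmpfs) and to treat key destruction at end of life as the erasure step.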

How does this map to GDPR?

Control A.1.4.7 maps to GDPR Article 5(1)(c), the data minimisation principle: a temporary file that outlives the processing that created it is an unnecessary copy of personal data. The closely related storage limitation principle in Article 5(1)(e), which requires that personal data is kept in a form that permits identification of data subjects for no longer than necessary, applies to transient copies just as it does to primary records. The GDPR does not mention temporary files as such, so the obligation is inferred from these two principles rather than from any specific provision.

How does this relate to ISO 29100 privacy principles?

This control supports the ISO 29100 principle of Use, retention and disclosure limitation, which requires that PII should be retained only as long as necessary to fulfil the stated purposes. Temporary files by definition exist for transient purposes and should be among the first data to be disposed of when no longer needed.

What evidence do auditors expect?

When assessing compliance with A.1.4.7, auditors will typically look for:

  • Temporary file inventory — A documented list of all locations and system components where temporary files containing PII may be created
  • Retention period definitions — Specified maximum retention periods for each type of temporary file, with justification
  • Disposal procedures — Documented procedures for disposing of each type of temporary file, including the method of disposal and who is responsible
  • Automation evidence — Configuration records for automated disposal mechanisms (cron jobs, cache policies, log rotation settings, auto-delete rules)
  • Verification records — Evidence of periodic checks confirming that temporary files are being disposed of as expected, particularly for any manual disposal processes
  • Incident records — Any instances where temporary files were found to have persisted beyond their defined retention period, and the corrective actions taken

What are the related controls?

Control    Title                            Relationship
A.1.4.5    PII minimization objectives      Temporary file disposal is part of the overall minimisation strategy
A.1.4.6    De-identification and deletion   Deletion procedures for temporary files follow the same principles as end-of-processing deletion
A.1.4.9    Disposal                         Disposal mechanisms must cover temporary files as well as primary data stores
A.1.4.8    Retention                        Retention policies should explicitly address temporary files alongside permanent storage
A.1.4.3    Limit processing                 Temporary files represent incidental processing that must still be within scope
A.1.4.10   PII transmission controls        Transmission processes often create temporary staging files that need disposal

What changed from ISO 27701:2019?

For a step-by-step approach, see the Transition from 2019 to 2025.

In the 2019 edition, temporary files were addressed under Clause 7.4.6 (temporary files). The 2025 control is substantively identical in its requirements. The restructured Annex A/B format provides clearer implementation guidance, particularly around the need for automated disposal and verification. See the Annex F correspondence table for the full mapping.


Why choose ISMS.online for managing temporary file compliance?

ISMS.online helps you turn a typically overlooked compliance area into a documented, auditable process:

  • Temporary file register — Catalogue all locations where temporary files containing PII are generated, with defined retention periods and disposal methods for each
  • Disposal scheduling — Set up disposal tasks with automated reminders, ensuring nothing is forgotten even for manual disposal processes
  • Verification checklists — Create recurring verification checks to confirm temporary files have been disposed of as expected, with documented outcomes
  • Risk assessment integration — Link temporary file risks to your broader information security risk register, ensuring they receive appropriate attention
  • Audit evidence — Export disposal records, verification results and procedure documentation as part of your certification evidence pack

FAQs

What types of temporary files typically contain PII?

Common examples include: application server caches, database query result caches, print spool files, email attachment caches, CSV and Excel exports from CRM or HR systems, ETL staging files, log files with user identifiers, browser cookies stored on shared devices, temporary copies created during data migration and draft or autosave files from document editing. The specific types will depend on your technology stack and processing activities.


How short should the retention period for temporary files be?

The standard does not prescribe specific periods but requires them to be “specified” and “documented”. The appropriate period depends on the type of file and its technical purpose. A print spool file might reasonably be deleted within hours, while a data migration staging file might need to exist for days until the migration is verified. The key principle is that the period should be as short as is practical for the file’s purpose, and disposal should happen automatically where possible.


Should log files be treated as temporary files under this control?

If log files contain PII (such as user IDs, email addresses or IP addresses), they should be included in your temporary file management or addressed through your retention policy under A.1.4.8. Many organisations treat application and access logs as a separate category with their own retention periods, often driven by security monitoring requirements. The important thing is that they are documented, have defined retention periods and are disposed of when those periods expire.



Max Edwards

Max works as part of the ISMS.online marketing team and ensures that our website is updated with useful content and information about all things ISO 27001, 27002 and compliance.
