What step should be taken to ensure the decommissioning process protects the organization's sensitive data?

To protect an organization's sensitive data during the decommissioning process, physically destroying the drives is the most effective method. This ensures that the data stored on those drives cannot be retrieved or reconstructed by any means. Physical destruction can involve shredding, crushing, or incinerating the drives, effectively rendering the data irretrievable.

Other methods like formatting or archiving data do not guarantee that sensitive information is permanently erased. Formatting may remove pointers to the data, but the information can still be recovered with sophisticated tools. Backing up data on a remote server creates additional copies that may also be vulnerable if not properly secured. Archiving data in a secure cloud service, while it may keep the information safe, doesn’t address the need to permanently eliminate sensitive data from decommissioned equipment. Thus, physical destruction stands out as the most reliable step for ensuring sensitive data protection during decommissioning.