In this guide, I will show you exactly how to implement ISO 27001 Annex A 8.10 and ensure you pass your audit. You will get a complete walkthrough of the control, practical implementation examples, and access to the ISO 27001 templates and toolkit that make compliance easy.
I am Stuart Barker, an ISO 27001 Lead Auditor with over 30 years of experience conducting hundreds of audits. I will cut through the jargon to show you exactly what changed in the 2022 update and provide you with plain-English advice to get you certified.
Key Takeaways: ISO 27001 Annex A 8.10 Information Deletion
ISO 27001 Annex A 8.10 is a new control introduced in the 2022 update. It requires organizations to securely delete information when it is no longer required. The goal is twofold: to comply with legal requirements like GDPR’s “Right to Erasure” and to reduce the attack surface, because data you no longer hold cannot be stolen in a breach.
Core requirements for compliance include:
- Beyond the “Trash Can”: Standard operating system deletion is often reversible. For sensitive data, you must use methods that make the information unrecoverable (e.g., overwriting, degaussing, or physical destruction).
- Retention Alignment: Deletion should not be random. It must follow your Document Retention Policy, which specifies exactly how long you are legally and operationally required to keep different types of data.
- Cloud & Virtual Deletion: In cloud environments (AWS/Azure/GCP), you must use techniques like Crypto-shredding – deleting the encryption key so the data becomes undecipherable and effectively “deleted.”
- Evidence of Destruction: For bulk deletions or hardware disposal, you must keep records. If you use a third-party shredding service, you must obtain and store a Certificate of Destruction.
Audit Focus: Auditors will look for “The Lifecycle of Data”:
- The Trigger: “How do you know when it’s time to delete a customer’s record?”
- The Method: “Show me the tool you use to wipe hard drives before they are sent for recycling.”
- The Proof: “Show me the logs or certificates that prove your mass-deletion process actually happened.”
Levels of Deletion (Technical Comparison):
| Level | Action | Recoverable? | Use Case |
|---|---|---|---|
| Soft Delete | Moving to Recycle Bin. | Yes (Easily) | Everyday user errors; not for sensitive data. |
| Secure Erase | Overwriting data with 0s and 1s. | No (Difficult) | Re-purposing a laptop for a new employee. |
| Crypto-Shredding | Deleting the encryption key. | No (Impossible) | Securely “wiping” cloud storage or encrypted drives. |
| Physical Destruction | Shredding or Degaussing. | No | End-of-life hardware and old hard drives. |
Table of contents
- Key Takeaways: ISO 27001 Annex A 8.10 Information Deletion
- What is ISO 27001 Annex A 8.10?
- Why is information deletion important?
- ISO 27001 Annex A 8.10 Explainer Video
- ISO 27001 Annex A 8.10 Podcast
- ISO 27001 Annex A 8.10 Free Training Video
- ISO 27001 Annex A 8.10 Implementation Guidance
- How to implement ISO 27001 Annex A 8.10
- Levels of Deletion
- How to pass an ISO 27001 Annex A 8.10 audit
- How to comply
- Top 3 ISO 27001 Annex A 8.10 mistakes and how to avoid them
- ISO 27001 Annex A 8.10 FAQ
- Related ISO 27001 Controls
- Controls and Attribute Values
What is ISO 27001 Annex A 8.10?
The focus of this ISO 27001 Annex A control is information deletion. As one of the ISO 27001 controls, it is about deleting data properly, reducing the exposure of sensitive information and complying with laws, regulations and contractual requirements.
ISO 27001 Annex A 8.10 Information Deletion is an ISO 27001 control that looks to make sure you are deleting data when it is no longer required in a way that it cannot be recovered.
ISO 27001 Annex A 8.10 Purpose
The purpose of Annex A 8.10 Information Deletion is to prevent unnecessary exposure of sensitive information and to comply with legal, statutory, regulatory and contractual requirements for information deletion.
ISO 27001 Annex A 8.10 Definition
The ISO 27001 standard defines ISO 27001 Annex A 8.10 as:
Information stored in information systems, devices or in any other storage media should be deleted when no longer required. – ISO 27001:2022 Annex A 8.10 Information Deletion
Why is information deletion important?
Information deletion is important because the basic delete functions provided in tools and software are not usually adequate to fully delete information. The information can often be recovered easily, which means it can end up in the wrong hands, causing financial and reputational damage.
ISO 27001 Annex A 8.10 Explainer Video
In this beginner’s guide to ISO 27001 Annex A 8.10 Information Deletion, ISO 27001 Lead Auditor Stuart Barker and his team talk you through what it is, how to implement it and how to pass the audit. Free ISO 27001 training.
ISO 27001 Annex A 8.10 Podcast
In this episode: Lead Auditor Stuart Barker and team do a deep dive into the ISO 27001:2022 Annex A 8.10 Information Deletion. The podcast explores what it is, why it is important and the path to compliance.
ISO 27001 Annex A 8.10 Free Training Video
In the video ISO 27001 Information Deletion Explained – ISO27001:2022 Annex A 8.10 I show you how to implement it and how to pass the audit.
ISO 27001 Annex A 8.10 Implementation Guidance
General Guidance
Sensitive and confidential data should not be kept for longer than is necessary. There are many reasons for this, including specific data protection laws such as the GDPR for personal data, but in more general terms it is best practice. You will find that not only laws but also regulations and your client contracts specify this.
ISO 27001 Information Classification and Handling Policy
Your starting point is to define your information classification scheme and set out your Information Classification and Handling Policy. For a fast track you can download the ISO 27001 Information Classification and Handling Policy Template, which sets out a common information classification scheme and detailed handling policy points. It includes what we do for the deletion of information at each classification level. The ISO 27001 Information Classification and Handling Policy Beginner’s Guide is a great resource to learn more about this policy.
Select deletion methods
Whilst the template includes the deletion methods that are common and best practice, if you are writing your own policy you should set out what the deletion methods are, taking into account the data classification and the constraints of law, contracts and regulations.
You can look to automate or implement system controls that securely destroy information based on a process step or a trigger.
Things that may be overlooked are the deletion of temporary files, copies of files or versions of files that are no longer needed.
For software, consider professional deletion software to permanently delete information. This is more targeted at sensitive and confidential data, with software that works to government and military standards of overwriting and deletion. Just putting it in the ‘trash can’ or hitting the default operating system delete key is often not sufficient.
There are techniques to consider such as magnetic erasure and degaussing, but on the whole the best advice is to use the services of a professional third-party service provider, under contract, and to keep records and receipts.
Records of Deletion
When you delete data, especially in bulk or as part of a deletion process, you should maintain records of the deletion. Examples include records of destruction or deletion from third parties if you rely on them to conduct this exercise. Other examples include change control records as part of the change management process, incident or ticket related records, or even system logs.
Transportation of devices
The standard’s guidance is quite broad in its coverage, and whilst not appropriate for all organisations and situations, you can consider removing storage devices when the main devices are moved or sent back to vendors. The use of a factory reset is also good practice.
How to implement ISO 27001 Annex A 8.10
Implementing a formalised information deletion process is a technical necessity for complying with the UK GDPR “Right to Erasure” and maintaining a clean security posture. By following these action-oriented steps, your organisation can ensure that sensitive data is permanently removed from all systems, backups, and storage media once it is no longer required, thereby satisfying the requirements of ISO 27001 Annex A 8.10.
1. Formalise a Data Retention and Disposal Policy
- Identify and categorise all information assets to determine their specific legal, regulatory, and business retention periods.
- Draft a “Rules of Engagement” (ROE) document that defines the technical triggers for deletion, such as account termination or contract expiry.
- Result: A documented governance framework that prevents the indefinite storage of high-risk data and ensures legal compliance.
2. Provision Automated Deletion and Purging Tools
- Utilise automated lifecycle management policies within cloud storage (e.g. AWS S3 Lifecycle or Azure Blob Management) to delete expired objects automatically.
- Implement database purging scripts that identify and remove stale records based on predefined time-to-live (TTL) attributes.
- Result: Reduction in human error and manual overhead while ensuring consistent data minimisation across the estate.
3. Execute Secure Sanitisation of Physical and Virtual Media
- Deploy NIST 800-88 compliant software-based overwriting tools to wipe virtual disks and solid-state drives (SSDs) before re-provisioning.
- Formalise a chain-of-custody process for the physical destruction of defective hardware, ensuring the use of industrial shredding or degaussing.
- Result: Technical assurance that data is unrecoverable, even through advanced forensic recovery techniques.
4. Revoke Access and Purge Information from Backups
- Coordinate deletion requests with backup administrators to ensure that “Right to Erasure” tokens are applied to immutable backup sets or archival media.
- Establish a process for “Logical Deletion” where data is rendered inaccessible via encryption key destruction (Crypto-shredding) if physical deletion from backups is technically unfeasible.
- Result: Elimination of residual data risks that often persist in forgotten or long-term archival storage.
5. Restrict Deletion Privileges via IAM and MFA
- Enforce the Principle of Least Privilege by assigning specific Identity and Access Management (IAM) roles for administrative deletion tasks.
- Mandate Multi-Factor Authentication (MFA) for any “Bulk Delete” or “Bucket Empty” operations to protect against accidental loss or malicious insider activity.
- Result: Protection of critical data assets from unauthorised or accidental destruction through hardened access controls.
6. Implement Centralised Logging and Verification Audits
- Configure system logs to record every deletion event, including the identity of the user, the timestamp, and a description of the deleted asset, exported to a SIEM.
- Conduct quarterly technical audits to verify that automated deletion policies are functioning as intended and that no “orphan” data remains.
- Result: A verifiable audit trail for ISO 27001 auditors and evidence of compliance with the UK GDPR data minimisation principle.
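The six steps above come together in a retention-driven purge job. The Python script below is an added example, not code from this guide or from High Table: it models a retention schedule keyed by classification (step 1), a purge routine that hard-deletes records whose retention period has expired or whose soft-delete grace period has run out (step 2), a per-event audit record with actor, timestamp and asset description formatted as a log line for a SIEM (step 6), and the “no orphan data” check a quarterly audit would run. All record ids, classifications and retention periods are constructed for illustration; the real periods come from your own retention policy.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed retention schedule: how long each classification may be kept after
# its trigger event (e.g. contract termination). Periods are illustrative only.
RETENTION_SCHEDULE: Dict[str, timedelta] = {
    "public": timedelta(days=365 * 7),
    "internal": timedelta(days=365 * 3),
    "confidential": timedelta(days=365),
    "customer-personal-data": timedelta(days=90),
}
# A "mark as deleted" row is only a soft delete; after this grace period it must
# become a hard delete so the data does not linger indefinitely.
SOFT_DELETE_GRACE = timedelta(days=30)


@dataclass
class Record:
    record_id: str
    classification: str
    trigger_at: datetime                  # event that starts the retention clock
    description: str
    soft_deleted_at: Optional[datetime] = None


@dataclass
class DeletionEvent:
    """One audit-trail entry per hard delete: who, when, what and why."""
    record_id: str
    description: str
    classification: str
    actor: str
    deleted_at: datetime
    reason: str


def deletion_reason(rec: Record, now: datetime) -> Optional[str]:
    """Why the record must be hard-deleted now, or None if it may stay."""
    if rec.classification not in RETENTION_SCHEDULE:
        # Fail closed: an unclassified record is neither kept nor deleted silently.
        raise ValueError(f"{rec.record_id}: unknown classification {rec.classification!r}")
    if rec.soft_deleted_at is not None and now - rec.soft_deleted_at >= SOFT_DELETE_GRACE:
        return "soft delete aged out"
    if now - rec.trigger_at >= RETENTION_SCHEDULE[rec.classification]:
        return "retention period expired"
    return None


def purge_due_records(store: Dict[str, Record], now: datetime, actor: str,
                      audit_log: List[DeletionEvent]) -> List[str]:
    """Hard-delete every record that is due, log each one, return the purged ids."""
    purged = []
    for rid, rec in list(store.items()):
        reason = deletion_reason(rec, now)
        if reason is None:
            continue
        audit_log.append(DeletionEvent(rid, rec.description, rec.classification, actor, now, reason))
        del store[rid]
        purged.append(rid)
    return purged


def verify_no_orphans(store: Dict[str, Record], now: datetime) -> List[str]:
    """Quarterly-audit check: ids of records that should already be gone."""
    return [rid for rid, rec in store.items() if deletion_reason(rec, now) is not None]


def format_audit_line(ev: DeletionEvent) -> str:
    """One key=value log line per deletion, ready to forward to a SIEM."""
    return (f'{ev.deleted_at.isoformat()} action=delete actor={ev.actor} record={ev.record_id} '
            f'class={ev.classification} reason="{ev.reason}" asset="{ev.description}"')


def sample_store(now: datetime) -> Dict[str, Record]:
    """Constructed sample records, dated relative to the run time."""
    return {
        "cust-001": Record("cust-001", "customer-personal-data", now - timedelta(days=120), "customer profile (contract ended)"),
        "cust-002": Record("cust-002", "customer-personal-data", now - timedelta(days=30), "customer profile (contract ended)"),
        "doc-017": Record("doc-017", "internal", now - timedelta(days=400), "project notes", now - timedelta(days=45)),
        "doc-018": Record("doc-018", "internal", now - timedelta(days=400), "project notes", now - timedelta(days=5)),
        "rpt-003": Record("rpt-003", "confidential", now - timedelta(days=800), "quarterly financial report"),
    }


def run_purge(now: Optional[datetime] = None) -> dict:
    """Run the purge over the sample store and return what an auditor would ask for."""
    now = now or datetime.now(timezone.utc)
    store, audit_log = sample_store(now), []
    purged = purge_due_records(store, now, "retention-bot", audit_log)
    return {"purged": purged, "remaining": sorted(store),
            "orphans": verify_no_orphans(store, now), "log": audit_log}


if __name__ == "__main__":
    result = run_purge()
    for event in result["log"]:
        print(format_audit_line(event))
    print("remaining:", result["remaining"], "orphans:", result["orphans"])
```

Running it purges the customer record whose 90-day window has passed, the note that was soft-deleted more than 30 days ago, and the year-old confidential report, while keeping the two records still inside their windows; the orphan check then returns empty, which is the condition the quarterly audit in step 6 is looking for. The unknown-classification branch raises rather than guessing, so a record with no classification cannot be silently retained or destroyed.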
Levels of Deletion
| Level | Action | Recoverable? | Use Case |
|---|---|---|---|
| Soft Delete | Moving to Recycle Bin / “Mark as Deleted” flag. | Yes (Easily) | Day-to-day user errors. |
| Secure Erase | Overwriting sectors with 0s and 1s. | No (Difficult) | Re-purposing a laptop. |
| Crypto-Shredding | Deleting the encryption key. | No (Impossible) | Cloud data / Encrypted drives. |
| Physical Destruction | Shredding/Degaussing the drive. | No | End of life hardware. |
How to pass an ISO 27001 Annex A 8.10 audit
To pass an audit of ISO 27001 Annex A 8.10 Information Deletion, make sure that you have followed the steps below on how to comply.
How to comply
To comply with ISO 27001 Annex A 8.10 you are going to implement the ‘how’ for the ‘what’ the control is expecting. In short, you are going to:
Time needed: 2 hours
How to comply with ISO 27001 Annex A 8.10 Information Deletion
- Define and implement your information classification scheme
Implement an appropriate classification scheme for information based on risk and business need.
- Implement and communicate your Information Classification and Handling Policy
Implement the Information Classification and Handling Policy that sets out the different levels of classification that you have and the deletion requirements based on that classification.
- Define and implement your information deletion methods and processes
Document your information deletion methods and processes and have them reviewed, approved and communicated.
- Implement controls proportionate to the risk posed, laws, regulations and contracts
The controls that you implement and the deletion methods you choose are based on your risk assessment and proportionate to that risk and your business needs. They take into account all laws and regulations.
- Keep records for audit purposes
For audit purposes you will keep records. Examples of the records to keep include changes, updates, monitoring, review and audits.
- Test the controls that you have to make sure they are working by performing internal audits
Perform internal audits that include the testing of the controls to ensure that they are working.
Top 3 ISO 27001 Annex A 8.10 mistakes and how to avoid them
The top 3 mistakes people make for ISO 27001 Annex A 8.10 are:
1. Using Operating System Delete Functions
Relying on operating system delete functions is one of the biggest mistakes we see, because that operation does not actually fully delete confidential or sensitive information. The information can be easy to recover, from simply looking in the system ‘Trash’ folder to basic data recovery techniques. Be sure to properly delete this data in line with your defined data deletion methods.
2. Sending Devices To Charity / Back to Vendor
We see this a lot, with devices sent back to vendors as is, put on eBay or sent to charity with little if any actual data deletion. See the section How To Implement ISO 27001 Annex A 7.14 Secure Disposal Or Re-Use Of Equipment.
3. Your document and version control is wrong
Keeping your document version control up to date, making sure that version numbers match wherever they are used, having a review evidenced in the last 12 months, and having documents that contain no leftover comments are all good practices.
Applicability of ISO 27001 Annex A 8.10 across different business models
| Business Type | Applicability | Examples of Control Implementation |
|---|---|---|
| Small Businesses | Focuses on clear data retention periods and basic secure disposal. | Ensuring that personal data and business secrets are not kept indefinitely on office laptops or shared drives, reducing the impact of a potential breach. |
| Tech Startups | Essential for complying with GDPR’s “Right to Erasure.” | Automating the deletion of user data in cloud environments and ensuring that “Soft Deletes” are eventually replaced by permanent “Hard Deletes.” |
| AI Companies | Critical for managing high-volume training data and “stale” models. | Securely purging massive datasets once model training is complete, to reduce legal liability and storage costs. |
Fast Track ISO 27001 Annex A 8.10 Compliance with the ISO 27001 Toolkit
For ISO 27001 Annex A 8.10 (Information deletion), the requirement is to ensure that information is deleted when no longer required, reducing the exposure of sensitive data and complying with laws like GDPR. While SaaS compliance platforms often try to sell you “automated deletion tracking” or complex “data lifecycle” modules, they cannot actually reach into your servers to securely wipe a hard drive; they are merely a place to host your documentation.
| Compliance Factor | SaaS Lifecycle Modules | High Table ISO 27001 Toolkit | Audit Evidence Example |
|---|---|---|---|
| Strategy Ownership | Rents access to your data retention rules; losing the subscription means losing your destruction history. | Permanent Ownership: Fully editable Word/Excel deletion logs and policies that you own forever. | A localized Data Retention Schedule stored on your secure internal server. |
| Implementation | Over-engineers compliance with complex dashboards that cannot actually perform secure wipes. | Governance-First: Formalizes your existing IT decommissioning and shredding workflows. | A Certificate of Destruction from a specialized vendor mapped to your internal disposal policy. |
| Cost Structure | Often scales with the volume of data or assets tracked, creating an aggressive “Data Lifecycle Tax.” | One-Off Fee: A single payment covers governance for 10 files or an entire data center decommissioning. | Allocating budget to professional wiping software (e.g., Blancco) rather than a monthly dashboard fee. |
| Disposal Freedom | Limited to specific cloud connectors; struggles with niche hardware or local shredding vendors. | Tech-Agnostic: Deletion procedures match any environment (Cloud, Hybrid, or On-prem) without limits. | The ability to switch physical destruction vendors without needing to update a rigid SaaS platform. |
Summary: For Annex A 8.10, an auditor wants to see that you have a policy for what is deleted and proof that your methods are secure (e.g., certificates of destruction). The High Table ISO 27001 Toolkit provides the governance framework to satisfy this requirement immediately. It is the most direct, cost-effective way to achieve compliance using permanent documentation that you own and control.
ISO 27001 Annex A 8.10 FAQ
What is ISO 27001 Annex A 8.10 Information Deletion?
ISO 27001 Annex A 8.10 is a preventative control that requires organizations to delete data when it is no longer required. It mandates that information stored in information systems, devices, or storage media must be rendered unrecoverable to prevent unauthorized disclosure, complying with legal, statutory, and contractual obligations.
What are the specific requirements for complying with Annex A 8.10?
Compliance requires a documented process for timely and secure data destruction. To meet the standard, organizations must:
- Define Retention Periods: Align deletion triggers with your Data Retention Policy (e.g., delete customer data 3 years after contract termination).
- Use Secure Methods: Implement deletion methods that match the data’s classification (e.g., physical destruction for Top Secret drives).
- Verify Deletion: Produce evidence, such as system logs or certificates of destruction, to prove data was actually destroyed.
- Cover All Copies: Ensure deletion extends to backups, temporary files, and cloud snapshots.
What are the best methods for secure data deletion under ISO 27001?
The “best” method depends entirely on the storage medium and data sensitivity. Auditors generally accept these three tiers of deletion:
- Secure Erase (Overwriting): Using software to overwrite sectors with zeros and ones. Suitable for re-purposing laptops.
- Crypto-Shredding: Deleting the encryption key, rendering the encrypted data permanently unreadable. Essential for cloud and virtual environments.
- Physical Destruction: Shredding, degaussing, or crushing storage media. Required for damaged drives or highly sensitive hardware at end-of-life.
Is “soft deleting” or emptying the Recycle Bin sufficient for ISO 27001?
No, standard operating system deletion is not sufficient for sensitive data. “Soft deleting” merely marks the space as available for use; the actual data remains on the disk and can be easily recovered with free forensic tools. ISO 27001 requires methods that make recovery difficult or impossible, such as secure overwriting or cryptographic erasure.
How do we handle information deletion in the cloud (AWS/Azure)?
Cloud deletion relies primarily on “Crypto-shredding” and provider verification. Since you cannot physically destroy a cloud server hard drive, you must:
- Manage Encryption Keys: Maintaining control of your own keys (BYOK) allows you to delete the key, instantly rendering the cloud data inaccessible.
- Automate Retention: Configure S3 buckets or storage blobs to automatically delete files after a set period.
- Review Vendor Contracts: Ensure your Cloud Service Provider (CSP) is contractually committed to secure deletion and provides compliance reports (e.g., SOC 2 Type II).
What evidence do auditors require for information deletion?
Auditors require tangible proof that the deletion process is functioning. You cannot just say you delete data; you must show:
- Certificates of Destruction: Provided by third-party shredding companies for physical media.
- Automated Logs: System logs showing when a script ran to purge old database records.
- Ticket Records: IT helpdesk tickets confirming a laptop was wiped before re-issue.
- Audit Trails: Evidence that backups were eventually overwritten or aged out according to policy.
What is the difference between Annex A 8.10 and Annex A 7.14 (Secure Disposal)?
Annex A 8.10 focuses on the data, while Annex A 7.14 focuses on the physical equipment.
- Annex A 8.10 (Information Deletion): Concerns the active removal of files, records, and data from systems while they are still in use or when data reaches its retention limit.
- Annex A 7.14 (Secure Disposal of Equipment): Concerns the final sanitization and physical handling of hardware (laptops, servers, USBs) before it is sold, scrapped, or returned to a lessor.
How does this control relate to GDPR’s “Right to Erasure”?
Annex A 8.10 provides the technical framework to fulfill GDPR legal requirements. Article 17 of the GDPR (Right to Erasure) grants individuals the right to have personal data deleted. Implementing Annex A 8.10 ensures you have the technical capability and governance processes to actually execute these requests securely and permanently, keeping you compliant with both the ISO standard and privacy laws.
Related ISO 27001 Controls
The following related controls apply:
- ISO 27001 Annex A 7.14 Secure Disposal or Reuse of Equipment
- ISO 27001 Annex A 5.12 Classification Of Information
Controls and Attribute Values
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
|---|---|---|---|---|
| Preventive | Confidentiality | Protect | Information Protection, Legal and Compliance | Protection |