Secure data destruction involves a combination of wiping, degaussing, and/or physical destruction of storage media. The process of professional data destruction includes documentation of the process, including what happens to your hard drives at the end of their usable lives.
Depending on the age of the computer equipment, a data destruction company might wipe the hard drive so they can use it again, or the experts might remove the magnetic field around the hard drive before shredding it completely. Either way, you receive documentation saying exactly what happened to your assets.
In today’s blog from I.T. Supply Solutions, we explain Certificates of Destruction and Certificates of Sanitization.
A Certificate of Destruction outlines the process of destroying hard drives and storage media completely and thoroughly. Companies will wipe any information on them first before shredding them.
A Certificate of Sanitization is different from a Certificate of Destruction in that it outlines how another company will re-use the storage media in the future. This process involves overwriting the data on hard drives or storage media to make any information, including sensitive information, unreadable to the next user.
Data privacy laws require companies to receive a Certificate of Destruction outlining the destroyed hard drives. The National Institute of Standards and Technology (NIST) outlines the standards for these certificates.
The information listed on a Certificate of Destruction includes:
- Name and address of the company destroying the hard drives
- Name and address of the company that owns the hard drives
- Date of certificate
- Checklist of methods of destruction, such as shredding, degaussing, and erasing
- Types of units, including hard drives, backup tapes, cell phones, and mobile devices
- On-site or off-site data destruction
- People from the company who witnessed the data destruction
- Makes, models, and serial numbers of all hard drives and media storage destroyed
If your organization requires full data destruction reporting, we can provide you with a Certificate of Destruction.
While a Certificate of Destruction does not obviate you from potential legal action, it does show that a professional company followed prescribed procedures for making sure no one else can retrieve data on your hard drives.
Guidelines of media sanitization, outlined by NIST, include rendering access to data on the media infeasible for a given level of effort, even by professional means.
Clearing or purging information on operational hard drives and storage media to be re-used in the future typically involves overwriting the confidential information with useless fixed or random patterns. This renders any sensitive information unreadable.
Similar to a Certificate of Destruction, a Certificate of Sanitization contains standard information. However, each storage media gets its own Certificate of Sanitization.
- Name, title, company, location, and phone of the person performing the sanitization.
- Information about the media, including make, model number, serial number, media type, and if the data has been backed up.
- Sanitization details, such as method type, the method used, tool used, and verification method.
- Media destination, because your company needs to know where the media is going, either to a recycling facility, an internal department, manufacturer, or reseller.
- Validation of the certificate.
A Certificate of Destruction and Certificate of Sanitization give you peace of mind that your data doesn’t fall into misuse or get out into the open. I.T. Supply Solutions can help you achieve this, and we’ll give you the documentation you need for your data destruction. Call us at (859) 694-0620 or contact us for more information.