Two types of secure data sanitation
Purge
Our preferred method of data eradication is secure eraser of hard drives. This method is preferred because it provides complete, secure and cost-effective data destruction, yet leaves the physical drive undamaged so that it can be reused. To effectively eradicate your data, We Buy Used IT Equipment follows the recommendations of the U.S. Department of Defense of following NIST as the best method for secure data eradication.
Physical Hard Drive Destruction
The process of physically damaging the medium so that it is not usable in a computer and so that no known exploitation method can retrieve data from the medium. We can help you physically destroy your hard drive keeping your information safe. Just ask us about hard drive destruction services.
Major Legal and Regulatory Frameworks:
DOD
The DoD 5220.22-M has been the most popular of all wiping methods as it was designed in 90’s through the Department of Defense in the United States. The method involves three overwriting passes with a random pattern of ones and zeros written onto the disk. Many increased the three pass method to seven but ultimately the recommended methodology has changed to the NIST system. In more recent years the DOD has referenced NIST as the more secure way to handle the eradication of hard disks.
NIST
The NIST 800-88 is the newest method that has taken precedence over DoD. After much debate of overkill on the DoD method, the Department of Commerce created this method in 2014. NIST accepts the manufacturer’s methods of erasure but also sets a basic guideline to meet: 1-pass wipe and 1-pass verify. The summary of NIST is: If the media will be reused, and will be leaving organization control then purging should be selected as the sanitization method. If the media will be reused, and will not be leaving organization control then clearing is a sufficient method of sanitization. If the media will not be reused at all, then destroying is the method for media sanitization.
Summary of NIST Sanitization Types:
Media Type | Clear | Purge | Destroy |
---|---|---|---|
Hard Drives | Overwrite | Secure Erase, degauss, or disassemble and degauss the enclosed platters | Disintegrate, pulverize |
SOX
The Sarbanes-Oxley Act of 2002 was designed to ensure financial and accounting data stayed secure. There is no specific method of wiping specified in the SOX act, but it requires a company to have a plan in place for keeping data secure.
HIPAA
The HIPAA Privacy Rules by the Department of Health and Human Services was designed to keep our health information secure. Similar to the SOX act, there is no method of wiping specified. However, to meet these compliance companies with client health information must securely destroy data for drives that are to be discarded.