Perhaps you’ve been asked to provide a certificate of data destruction for an audit or a routine chain-of-custody verification, or worse, in the fallout from a data breach.
Ensure that your data destruction process is airtight by understanding what the certificate of data destruction is and the verification you’ll need for an effective, compliant data destruction plan that stands up to scrutiny.
And one that lets you sleep at night.
Quite simply, a Certificate of Data Destruction is a formal document stating that digital media has been destroyed.
It should include detailed information about the method of destruction and a detailed list of the IT devices destroyed (hard drives, SSDs, magnetic tape, cell phones, USB drives, arrays, etc.), to show that the data destruction process complied with all relevant security laws and, most importantly, NIST 800-88 specifications.
There is no certifying authority for the data destruction industry, so the reputation, reporting capability and legitimacy of your data destruction vendor are paramount.
In other words, choose carefully.
ITADs, VARs, IT resellers and MSPs: if you’re using a data destruction partner, that partner should automatically provide ample verification that will protect you, your client, and your client relationship in the unfortunate circumstance of legal action, a data breach investigation, or an audit of your data destruction process. Without the verification, the Certificate of Data Destruction doesn’t provide absolute proof of data privacy regulatory compliance and best practices.
For businesses going direct to a data sanitization provider, ensure that you are using a service that provides chain of custody, serial number tracking, verified software for erasing (wiping), and the other verifications that ensure its Certificate of Data Destruction holds weight if you are challenged.