The Data Destruction Process - Hard Drives
The hard drive and data destruction process involves destroying confidential information by physically shredding the host digital media such as hard drives, SSDs, NVMe and backup tapes. There are three main data destruction techniques which include wiping, degaussing and physically shredding digital media. The appropriate manner, or technique, in which data is destroyed depends on the type of media to be destroyed as well as the company’s security protocols and guideline requirements.
Step #1: On-site so you can Witness and Verify.
Hard drives, SSDs and/or backup tapes are moved from your data center to our shredding truck for processing. This practice allows you to witness and verify that drives have been recorded and truly been destroyed.
Step #2: Scan and Inventory for Certificate of Destruction.
Hard drives pulled from servers, storage arrays and computers are staged into our scanning area. Once collected, drives are scanned and inventoried for a detailed Certificate of Destruction report.
NIST 800-88 requirements go a step beyond capturing the hard drive serial number. Compliance with NIST requires linking the hard drive to the associated computer. See details below in the Certificate of Destruction Report.
Step #3 Physically Shred Drives.
Hard drives are then shredded at a rate of 500 PC drives per hour. Shredding hard drives for data destruction – as apposed to drilling, hole punching or bending – satisfies NIST 800-88 and all other data privacy laws such as HIPAA.
Step #4: Certificate of Destruction
Our Certificate of Destruction details quantity and type of digital destroyed, serial number, location, and company personnel that witness the process.
NIST 800-88 Certificate of Destruction report requires, among other details, a link between the hard drive being destroyed and the computer from which is resided. This information includes the make and model of the hard drive as well as the source computer.
Data Destruction Process Summary
In summary, a secure data destruction process should follow the four steps above. The key point here is that your data destruction vendor has allowed you to witness and verify that your hard drives truly been destroyed. The unbroken chain-of-custody should give your company confidence that confidential information will not be compromised.