A Certificate of Data Destruction is an audit document that guarantees that all of your confidential information on hard drives, tapes, disks, or other media has been destroyed so thoroughly that even advanced forensic techniques will not be able to recover it. The Certificate of Destruction also constitutes the servicing company’s guarantee that the process complied with all applicable regulations and laws.
A Typical Certificate of Destruction Consists of:
- A unique serial number for use in an audit trail and other company records.
- Model and serial numbers of the devices destroyed.
- Dates of the service company assuming responsibility for the material and its ultimate disposal.
- If the destruction was off-site: details of the custody chain documenting the transfer from the client’s premises to the services company’s premises and details of the destruction process employed.
- If the material was destroyed on-site: dates and times of the service company assuming responsibility and details of the disposal process.
- The signature of a company official attesting to the fact that the information contained in the certificate is a full and accurate account of the process.
Potomac eCycle provides a Certificate of Data Destruction that complies with all recommendations of ISRI and R2/RIOS and is your guarantee that the confidential material was efficiently, securely, and completely destroyed.
This is your proof, should it ever be needed, that your company respected all privacy laws and took appropriate actions to prevent the leakage or misuse of proprietary company information.
On-Site Data Destruction
While the certificate is your audit trail, sometimes you need to be absolutely certain that your data have been destroyed beyond any possibility of recovery and the best way to satisfy yourself of this is to ask that the process is done on your own site, allowing you to witness the process from beginning to end. This ensures that there are no opportunities for your data to be intercepted by a bad actor.
There are many ways of destroying electronic data, including degaussing the media with powerful magnetic forces, or breaking the devices with hammers and other equipment, but the most secure method is to shred the media in a purpose-built machine. These are similar to paper shredders, but vastly more powerful. Destroying your drives in this manner also eliminates any possibility of them being cleaned and resold with the consequent possibility of data being recovered later and used with bad intent with potential ramifications for you and your company.