Are you Following the Right Destruction Standard?
You may have heard of the Department of Defense 5220.22-M standard when it comes to hard drive shredding or wiping, but did you know this standard has actually become obsolete?
The Outdated DoD Standard.
Although outdated, the DoD 5220.22-M standard is still referenced by many vendors and customers in the industry. Published by the National Industrial Security Program in 1995, the “DoD Standard” outlined a process for overwriting hard drives with three passes and a final verification pass. This standard was never officially approved by the U.S. Department of Defense and was not intended to be a standard for companies to follow. Using this process to erase a hard drive does prevent most software- and hardware-based recovery methods; however, the multiple overwrite passes are no longer relevant and involve unnecessary time and cost. The Department of Defense, along with most regulations and certification programs, now references the current NIST SP 800-88 R1 guidelines and requires a combination of wiping and physical destruction.
Be wary of hard drive destruction providers that claim they are certified or approved by DoD standards, as these claims are misleading and certification to this standard does not exist.
The Current NIST Standard.
When looking for a hard drive wiping or shredding service, the National Institute of Standards and Technology’s (NIST) Special Publication 800-88: Guidelines for Media Sanitization should be used for current data erasure compliance. The current revision was issued in 2012 and includes overwriting, secure erasure, and physical destruction methods. The NIST guidelines have replaced the DoD standard in regulatory and certification compliance across all industries.
The Best Data Destruction Plan.
It’s important to note that disk wiping software, no matter which standard is used, cannot erase hard drives that have physically failed. The biggest drawback of hard drive shredding is the loss of resale potential, but if a drive has failed, has any damaged sectors, or is simply too old to be reused, destruction is the right choice.
The best overall recommended data disposal solution is a combination of both wiping and shredding. You should immediately secure unused hard drives and work with a certified vendor to shred any that cannot be properly wiped, verified with a serial number report and certificate of destruction.
Find companies that go beyond legally mandated procedures and that take security, resale value, and recycling equally seriously. Remember, certificates of destruction do not free you from legal responsibility. If data somehow surfaces after sending it to a contractor who “certified” the destruction, you are still liable. So be diligent when asking about procedures and look for voluntary certifications like R2 or e-Stewards, verified by the official website directory. These certifications require annual third-party audits to verify all equipment is handled securely and responsibly, and all drives that are being sold for reuse are in fact 100% erased.
SEAM integrates the best data wiping and physical destruction solutions available for all types of electronic media including hard drives, smartphones and tablets. If your South Dakota, Nebraska or Iowa organization is looking for a hard drive destruction or wiping service, SEAM can help you comply with current data disposal requirements. Contact us for a quote today.