Best Practices
When a company collects customer data, there is a legal obligation to protect that data from the point of acquisition through to end-of-life decommissioning. It is the responsibility of the company to guarantee the media has been sanitized of all data before the media leaves the company's controlled facility. If not, improper IT Asset Disposition (ITAD) is a risk carried forward indefinitely.
A company's risk of a data breach from decommissioned hard drives and backup tapes can be reduced to 0% with a simple decommissioning process:
Secure Disposition of Magnetic Media
Step 1: Ensure no hard drives or tapes leave your facility without first being degaussed.
Step 2: Degauss all hard drives within your controlled, secure facility
Step 3: Physically destroy each hard drive immediately after it is degaussed
Step 4: Generate proof of erasure and destruction documentation
Explanation of Process:
Degaussing:
Degaussing sanitizes magnetic media (i.e., hard drives and tape of all data regardless of whether the media is working for non-functioning. In just seconds, a degausser encompasses the media with a strong magnetic pulse, eliminating all magnetic field patterns on the media.
Degaussing is the primary on-site method of data sanitation approved by the NSA for the erasure of Top Secret data.
Degaussers are small (about the size of a CPU), light-weight (ranging from 35-105 lbs.), and can be carried or rolled into an office, data center, or warehouse. A degausser plugs into a standard wall outlet and takes seconds to complete a cycle. Degaussing is also environmentally friendly; it does not physically alter the external appearance of the hard drive allowing the degaussed hard drive to be recycled if desired.
Destruction:
Although physical destruction of a hard drive is not necessary after the drive has been degaussed, physically damaging the hard drive casing and bending the disk platters provides visual confirmation that the hard drive has been securely processed; discourages unscrupulous attempts to retrieve data from the drive, and indicates the drive is ready to leave the controlled environment of recycling or disposal.
Common methods of hard drive destruction include physical destroyers, such as the Garner PD-5, crushers, punchers, and shredders.
Verifying and Documenting the Data Erasure and Destruction:
Documented proof of data erasure and destruction is a necessity in our litigious society. A detailed record of the destruction process, including media serial/asset numbers, operator ID, date, time, location, degausser field strength, and type of physical destruction must be maintained for archival and audit purposes.
Secure Disposition of Solid-State Media
Step 1: Ensure no solid-state media leave your facility without first being destroyed.
Step 2: Destroy solid-state media within your controlled, secure facility
Step 3: Physically destroy memory chips by puncturing or in-house shredding
Step 4: Generate proof of destruction documentation
Explanation of Process:
Destruction:
Solid-state data (SSD) is stored as an electronic charge and therefore degaussing is not an effective method for sanitizing solid-state media. What is very effective is physical destruction.
Physical destruction of the media must occur while the media is inside your secure facility to protect the chain-of-custody. The destruction process should break, pierce, or waffle each data storage chip on the board. Using a physical destroyer with an SSD option allows for both hard drives and solid-state media to be destroyed using one machine.
Verifying and Documenting the Destruction:
Verify and document the destruction process with a proven destruction verification software system so you have a clear audit trail in case your data destruction practices are questioned. An integrated verification system connected to your physical destroyer ensures data consistency and removes operator reporting errors and inconsistencies. Solid-state devices come in all shapes and sizes such as thumb drives, micro SD cards, and SSD drives. It is important to have a verification system that incorporates a photo of the media as well as diagnostic data from the destroyer such as crush depth and media type into the certificate of destruction report to provide a complete end-of-life audit trail of the media.
Once these steps have been taken, the media can be safely removed from your secure facility.
Learn more about our complete erasure and destruction packages to help you follow best practices in IT Asset Disposition.
About Garner
Garner (located in Roseville, CA) designs, manufactures and sells worldwide equipment that delivers complete, permanent, and verifiable data elimination. Our products ensure your data is unrecoverable. Founded more than 60 years ago, we serve business and government customers from every industry sector in countries around the world, providing time-tested solutions for permanent data security of working and nonworking hard drives, magnetic tape, and solid-state media through products that include:
- NSA/CSS EPL listed degaussing equipment that eliminates all data on magnetic tapes, hard drives, and even old floppy disks by altering the media’s magnetic properties
- NSA/CSS EPL-listed destruction equipment that bends, breaks and mangles hard drives deterring any attempt to recover data
- Patented solid-state destroyer with 90 spikes to puncture, perforate, and waffle media, demolishing the individual memory chips so data cannot be retrieved.
- IRONCLAD Erasure and Destruction Verification Systems to track, log, and document media as it is sanitized.
Garner's products are currently deployed in over 100 countries, for which Garner has been recognized by the U.S. Department of Commerce with the 2019 President’s “E” Award for continued success in exporting.