For added peace of mind, witnessed destruction lets you monitor the permanent destruction of your most sensitive assets and data
A common query that we receive is about witnessed destruction. How do I know sensitive data has been destroyed? Can I observe the process myself? How does it work? Do I receive some type of verification? To answer those questions, we wrote this blog post.
Witnessed destruction — the final step
Based on the interest in witnessed destruction, many organizations do take seriously the final step to protecting their data, and, by extension, their brand. Witnessed destruction gives you that extra reassurance that everything is done by the book.
But before we jump to the actual process of overseeing the job, it helps to understand there are — according to the International Data Sanitization Consortium (IDSC) — three ways to deliberately, permanently, and irreversibly remove or destroy data stored on a memory device: physical destruction, cryptographic erasure, and data erasure. The stringency of the regulations that your business needs to meet will determine which method to choose.
For the most heavily regulated industries, nothing but data sanitization will do to comply with data privacy laws. Compared to data destruction, data sanitization includes confirmation, using recognized verification methods, that the data is permanently irrecoverable. A sanitized device has no usable residual data and cannot be recovered even with the help of advanced forensic tools.
A word about data destruction
A word of caution: Don’t automatically assume a company that says it specializes in data destruction actually does a correct job. As much as you’d want to trust confident promises, especially if the company on the surface looks legitimate, unverified destruction makes you vulnerable to data theft.
For example, according to the 2021 Cost of a Data Breach Report from IBM, data breach costs rose from $3.86 million to $4.24 million this year, the highest average total cost in the 17-year history of this report. In breaches where remote work was a factor, the average cost was $1.07 million higher.
While large companies typically pour resources into cybersecurity while the IT assets are in use, their end-of-life (EOL) IT asset strategies tend to garner fewer media headlines although the impact of such breaches can be just as devastating.
For highly regulated industries, such as defense, finance, telecommunication, and healthcare, the steep fines leveraged in the event of a breach speak to the importance of leaving nothing to chance. The increase in remote work has added another layer of complexity to lifecycle management.
Four steps to verified data sanitization
So, with all that in mind, what happens when you opt for witnessed destruction? At Global Electronic Recycling, you will work with our team of military-trained and top-secret asset destruction experts. Let’s walk through the four steps.
First two steps
- Transportation and delivery. Pick-up preparation begins before our truck arrives at your facility. Then, to eliminate confusion and mishaps, our team provides detailed packaging instructions and customized pick-up forms well in advance of this important day. When the truck finally pulls up, you know exactly what’s going to happen. Our team securely loads your electronic assets into a sealed and monitored truck from the time it leaves your facility to the moment it arrives at our loading dock.
- Witnessed delivery verification. The arrival of your witness triggers the process to move forward. Until that time, the seal remains intact. Under the surveillance of the witness, experts break the seal and bring your electronic assets into our facility with advanced security controls. We then count the pieces and verify the weight.
Two final steps
- Witnessed destruction. It’s time for your witness to observe the destruction process and verify that we successfully destroy each asset. Cameras capture every movement as assets are destroyed to the required specifications. Whether you require shearing, shredding, or pulverizing, we santitize your data in compliance with NIST 800-88 standards, HIPAA, and the U.S. Department of Defense is DoD 5220.22-M, also known as the National Industrial Security Program Operating Manual or NISPOM.
- Receipt of verification report: We authenticate data destruction through the issuance of data destruction reports and certificates, including an end-of-use certificate DLA Form 1822 and a certificate of destruction that captures and lists serial numbers of wiped drives.
We designed witnessed destruction for your peace of mind. Protect your brand and sensitive data every step of the way.