For added peace of mind, witnessed destruction lets you monitor the permanent destruction of your most sensitive assets and data
A common query that we receive is about witnessed destruction. How do I know sensitive data has been destroyed? Can I observe the process myself? How does it work? Do I receive some type of verification? To answer those questions, we wrote this blog post.
Witnessed destruction — the final step
Based on the interest in witnessed destruction, many organizations do take seriously the final step to protecting their data, and, by extension, their brand. Witnessed destruction gives you that extra reassurance that everything is done by the book.
But before we jump to the actual process of overseeing the job, it helps to understand there are — according to the International Data Sanitization Consortium (IDSC) — three ways to deliberately, permanently, and irreversibly remove or destroy data stored on a memory device: physical destruction, cryptographic erasure, and data erasure. The stringency of the regulations that your business needs to meet will determine which method to choose.
For the most heavily regulated industries, nothing but data sanitization will do to comply with data privacy laws. Compared to data destruction, data sanitization includes confirmation, using recognized verification methods, that the data is permanently irrecoverable. A sanitized device has no usable residual data and cannot be recovered even with the help of advanced forensic tools.
A word about data destruction
It’s worth pointing out that a company saying it specializes in data destruction is not the same as there being no residual data left on the device when the job is supposedly finished. As much as you’d want to trust confident promises, especially if the company on the surface looks legitimate, unverified destruction makes you vulnerable to data theft.
According to the 2021 Cost of a Data Breach Report from IBM, data breach costs rose from $3.86 million to $4.24 million this year, the highest average total cost in the 17-year history of this report. In breaches where remote work was a factor, the average cost was $1.07 million higher.
While large companies typically pour resources into cybersecurity while the IT assets are in use, their end-of-life (EOL) IT asset strategies tend to garner fewer media headlines although the impact of such breaches can be just as devastating.
For highly regulated industries, such as defense, finance, telecommunication, and healthcare, the steep fines leveraged in the event of a breach speak to the importance of leaving nothing to chance. The increase in remote work has added another layer of complexity to lifecycle management.
Four steps to verified data sanitization
So, with all that in mind, what happens when you opt for witnessed destruction? At Global Electronic Recycling, you will work with our team of military-trained and top-secret asset destruction experts. Let’s walk through the four steps.
- Transportation and delivery. Pick-up preparation begins before our truck arrives at your facility. To eliminate confusion and mishaps, our team provides detailed packaging instructions and customized pick-up forms well in advance of this important day. When the truck finally pulls up, you know exactly what’s going to happen. Our team securely loads your electronic assets into a truck that is sealed and monitored from the time it leaves your facility to the moment it arrives at our loading dock.
- Witnessed delivery verification. The arrival of your witness triggers the process to move forward. Until that time, the seal remains intact. Under the surveillance of the witness, experts break the seal and bring your electronic assets into our facility with advanced security controls. The pieces are counted and the weight verified.
- Witnessed destruction. It’s time for your witness to observe the destruction process and verify that each asset has been successfully destroyed. Cameras capture every movement as assets are destroyed to the required specifications. Whether you require shearing, shredding, or pulverizing, your data is sanitized in compliance with NIST 800-88 standards, HIPAA, and the U.S. Department of Defense is DoD 5220.22-M, also known as the National Industrial Security Program Operating Manual or NISPOM.
- Receipt of verification report: We authenticate data destruction through the issuance of data destruction reports and certificates, including an end-of-use certificate DLA Form 1822 and a certificate of destruction that captures and lists serial numbers of wiped drives.
Witnessed destruction was designed for your peace of mind. With one of your trusted team members on-site, you can ensure your brand name and sensitive data are protected every step of the way.