Call us at 800-781-4799 and ask for details about our Validator or any erasure verification questions. You can also fill out the form for any inquiries and we will contact you as soon as possible.
Summary of Data Erasure Verification Guidelines
DATE: Nov 2012 (Rev. 1 of Original 2006 Document)
In most cases, standards adopted by non-governmental certifying organizations have been based wholly or partially on NIST 800-00: Guidelines for Media Sanitization.
- 4.7.3 Verification of Sanitization Results: "As part of the sanitization process, in addition to the verification performed on each piece of media following the sanitization operation, a subset of media items should be selected at random for secondary verification using a separate validation tool. The secondary validation tool should be from a separate developer..."
- If sampling is done after full verification in cases of low risk tolerance then a separate validation tool than the one used in the original verification should be used.
- When using a representative sampling verification, the sampling should be executed by personnel who were not part of the original sanitization action
- Select pseudorandom locations on the media each time the analysis tool is applied.
Summary of Certified Data Erasure Verification Standards
- DATE: Jan 2013 (NAID Certification Document)
Specifies that Quality Control (verification) software be different than that used for sanitization.
- The quality control manufacturer is different than the sanitization software manufacturers, and that the Company employee who performs the quality control is never the same person that performed sanitization on the same drive(s).
- A specific number or percentage of sanitized drives, as determined by the Company, is seleted for quality control assessment on a routine basis.
- Also references some NIST SP 800-88 recommendations for log components.
DATE: July 2013 Section 8: Data Destruction
The latest R2 standard specifically references SP-800-88 for all matters pertaining to data destruction. Verification is covered in subsections a) b) and d). In subsection d), the text specifically identifies the requirement for an independent party to perform the verification.
- (a)The R2:2013 electronics recycler shall adhere to the data sanitization, purging, or destruction practices described in the NIST Guidelines for Media Sanitization: Special Publication 800-88 (rev. 1) or another current generally-accepted standard13, or be certified bya generally-accepted certification program.
- (b)An R2:2013 electronics recycler shall document its data destruction procedures and include this documentation as part of its EHSMS.
- (d)Data destruction processes shall be reviewed and validated by an independent party on a periodic basis as defined in the documentation called for in Section b)
DATE: March 2013 (2.0) e-Stewards® Standard for Responsible Recycling and Reuse of Electronic Equipment©
e-Stewards indicates that further clarification is to follow but leaves 800-88 as the prevailing guidelines for the broad spectrum of media sanitization, including verification.
"Broadly speaking, a refurbisher must demonstrate that they have the operational framework to conform to NIST 800-88 plus e-Stewards performance requirements, and they must have an information system that confirms conformance (i.e. evaluates successful data wiping) on a device-by-device basis."
DATE: March 2013
Under 3.4.1 Processing is this line item:
- d. There must be a documented quality control process which will test a sample number of hard drives and all other data carrying assets after the data sanitization process has been complete.