Data sanitization
On-site data sanitization to NIST 800-88, certified per storage medium
With retired IT hardware the real risk is the data still on it, not the logistics. XITAD destroys that data through one certified process to NIST 800-88: every storage medium is irreversibly wiped and certified per unit before the hardware goes anywhere else. For the most critical environments this happens at your own location, so storage media never leave your premises unwiped.
Destruction is fully decoupled from the sale. The hardware is first made data-free and certified; only then does a buyer come into play, regardless of who that ultimately is. XITAD sets the standard and verifies that it is met, with a wipe certificate per medium and an audit report in your archive.
Wiping to NIST 800-88
Every storage medium is irreversibly wiped to NIST 800-88, the international guideline for media sanitization. The standard defines three levels: Clear overwrites the data, Purge makes recovery impossible even in a lab, and physical destruction renders the medium permanently unusable. This runs through a certified process that XITAD orchestrates and verifies.
Wiping at your own location
Sometimes a storage medium may not physically leave your premises, for example with highly sensitive data or an internal policy that prohibits transporting storage media. In those cases XITAD wipes the data on-site, in your own server room, before the hardware is removed. Where transport is permitted, it goes via secured transport to a secured processing facility.
Certificate and audit report per medium
For every wiped medium a wipe certificate is recorded, linked to the serial number and produced for example in Blancco. An audit report is added to your archive as well, so your auditors can trace the method applied and the evidence per device. This lets you demonstrate to regulators that the data is gone.
Destruction independent of the sale
Data destruction is fully separate from the eventual sale. Hardware is first made data-free and certified; only after that final clearance does a buyer come into play. The certified wipe happens independently of who buys the hardware, so the burden of proof never depends on the transaction.
Method follows device and sensitivity
Not every storage medium calls for the same approach. The device type and the sensitivity of the data determine whether Clear, Purge or physical destruction is applied. Flash memory such as SSDs, for instance, requires a different method than a classic hard drive, and highly sensitive data shifts the choice to a heavier level.
Media that cannot be wiped
Not every medium can still be wiped by software, for example with defective or no longer accessible media. For those cases physical destruction is the final level of the NIST 800-88 standard, rendering the medium permanently unusable. This step is recorded as well, so even unwipeable media are demonstrably handled in your audit trail.
Frequently asked questions
about on-site data sanitization
How is my data removed and to which standard?
Every storage medium is irreversibly wiped to NIST 800-88 through a certified process, using the levels Clear, Purge or physical destruction. The method chosen depends on the device type and the sensitivity of the data.
Can the wiping be done at our own location?
Yes. For the most critical environments XITAD wipes the data on-site in your own server room, so storage media do not leave your premises unwiped. Where transport is permitted, it goes via secured transport to a secured processing facility.
What proof of destruction do I receive?
For each wiped medium you receive a wipe certificate (such as Blancco) with the serial number and method applied, plus an audit report in your archive. This makes you demonstrably compliant towards auditors and regulators.
What happens to media that cannot be wiped?
Defective or no longer accessible media are physically destroyed, the heaviest level within NIST 800-88, rendering the medium permanently unusable. That action is recorded as well, so the medium is demonstrably handled.
Does the data destruction depend on the sale?
No. The hardware is first made data-free and certified; only then does a buyer come into play. The certified wipe is independent of who ultimately buys the hardware.
No risk whatsoever with your corporate data.
Meet all privacy legislation with on-site data destruction via a certified process. Discuss your challenge with one of our data specialists.