Onsite Data Sanitization
Data destruction to NIST 800-88, on site or in a secured facility
With retired IT hardware, the biggest risk is not the equipment itself, but the data on it. That is why data destruction is carried out before hardware is reused, sold or processed.
- Assets Processed
- 248
- Certificates Generated
- 248
- Verification
- 100%
- Status
- Completed
XITAD supports organizations in erasing data to NIST 800-88, the internationally recognized guideline for media sanitization. Every storage medium is processed according to the agreed method and supported by certificates and audit documentation.
For environments where storage media may not leave the premises, processing can take place entirely on site.
Data destruction before further processing
Data destruction is independent of the final destination of the hardware.
Storage media are first processed according to the agreed method. Only after processing is complete and the required documentation is available is equipment released for further processing, reuse or sale.
This keeps the burden of proof independent of the final transaction.
Processing to NIST 800-88
NIST 800-88 describes various methods for securely erasing data.
Depending on the type of storage medium and the security requirements, you can choose between:
Clear – data is overwritten and no longer accessible to regular users.
Purge – additional techniques make recovery practically impossible, even with specialized tools.
Physical Destruction – the storage medium is physically destroyed and permanently rendered unusable.
The chosen method is recorded as part of the project file.
On site or within a secured facility
Not every organization has the same requirements for data processing.
For projects with heightened security requirements, data destruction can take place within your own environment, for example in a server room or datacenter.
Where transport is permitted, storage media are processed within a secured processing facility as part of a controlled process.
- Processing within your environment
- Media remains on location
- Direct oversight
- Secure transportation
- Controlled processing environment
- Centralized execution
Certificates per storage medium
For every processed storage medium, documentation is recorded.
Depending on the method applied, this can consist of erasure certificates, destruction certificates and additional audit information. This documentation is linked to the relevant storage medium and made available centrally within the project file.
This keeps it demonstrable which method was applied and when processing took place.
- Device Serial Number
- Method Applied
- Verification Result
- Timestamp
The right method for every storage medium
Not every storage medium calls for the same approach.
Traditional hard drives, SSDs, mobile devices and server storage have different technical properties and sometimes require a different method of processing.
The sensitivity of the data also plays a role in the choice between erasing, sanitizing or physical destruction.
When erasure is not possible
Some storage media are defective, damaged or no longer accessible.
In those situations, software-based processing cannot be carried out. Physical destruction then forms the final step of the process, so that these storage media are also demonstrably and permanently taken out of use.
This processing is likewise recorded within the audit trail and project documentation.
Demonstrably recorded
Data destruction is only valuable when it has been demonstrably carried out.
That is why the method applied, certificates, serial numbers and project data are recorded within one verifiable file. This gives organizations the documentation they need for audits, compliance obligations and internal controls.
- Sanitization Certificates
- Destruction Certificates
- Audit Reports
- Asset Records
- Project Documentation
Frequently asked questions about data destruction
Which method is applied to my storage media?
That depends on the type of storage medium and the security requirements. Based on this, a choice is made between Clear, Purge or physical destruction to NIST 800-88. The chosen method is recorded in the project file.
What is the difference between Clear, Purge and physical destruction?
With Clear, data is overwritten and no longer accessible to regular users. With Purge, additional techniques make recovery practically impossible, even with specialized tools. With physical destruction, the storage medium is physically destroyed and permanently rendered unusable.
Can data destruction take place at our own location?
Yes. For environments where storage media may not leave the premises, processing can take place entirely on site, for example in a server room or datacenter. Where transport is permitted, processing takes place within a secured facility.
Which certificates do I receive?
Depending on the method applied, you receive erasure certificates, destruction certificates and additional audit information. This documentation is linked to the relevant storage medium and made available centrally within the project file.
What happens to defective storage media?
Storage media that are defective, damaged or no longer accessible cannot be processed via software. Physical destruction then forms the final step, so that these media are also demonstrably and permanently taken out of use. This too is recorded in the audit trail.
How is the processing documented?
The method applied, certificates, serial numbers and project data are recorded within one verifiable file, so it remains demonstrable which method was applied and when processing took place.
Erase data before hardware leaves your organization
Process storage media to NIST 800-88, supported by certificates, audit documentation and a verifiable process.