Onsite Data Sanitization

Data destruction to NIST 800-88, on site or in a secured facility

With retired IT hardware, the biggest risk is not the equipment itself, but the data on it. That is why data destruction is carried out before hardware is reused, sold or processed.

Project Status
Assets Processed
248
Certificates Generated
248
Verification
100%
Status
Completed

XITAD supports organizations in erasing data to NIST 800-88, the internationally recognized guideline for media sanitization. Every storage medium is processed according to the agreed method and supported by certificates and audit documentation.

For environments where storage media may not leave the premises, processing can take place entirely on site.

01

Data destruction before further processing

Data destruction is independent of the final destination of the hardware.

Storage media are first processed according to the agreed method. Only after processing is complete and the required documentation is available is equipment released for further processing, reuse or sale.

This keeps the burden of proof independent of the final transaction.

Asset Received
Data Destruction
Verification
Certificate
Released
02

Processing to NIST 800-88

NIST 800-88 describes various methods for securely erasing data.

Depending on the type of storage medium and the security requirements, you can choose between:

Clear – data is overwritten and no longer accessible to regular users.

Purge – additional techniques make recovery practically impossible, even with specialized tools.

Physical Destruction – the storage medium is physically destroyed and permanently rendered unusable.

The chosen method is recorded as part of the project file.

01
Clear
Standard overwrite
02
Purge
Advanced sanitization
03
Physical Destruction
Permanent destruction
03

On site or within a secured facility

Not every organization has the same requirements for data processing.

For projects with heightened security requirements, data destruction can take place within your own environment, for example in a server room or datacenter.

Where transport is permitted, storage media are processed within a secured processing facility as part of a controlled process.

Onsite
  • Processing within your environment
  • Media remains on location
  • Direct oversight
Facility
  • Secure transportation
  • Controlled processing environment
  • Centralized execution
04

Certificates per storage medium

For every processed storage medium, documentation is recorded.

Depending on the method applied, this can consist of erasure certificates, destruction certificates and additional audit information. This documentation is linked to the relevant storage medium and made available centrally within the project file.

This keeps it demonstrable which method was applied and when processing took place.

Sanitization Certificate
Device Serial Number
Method Applied
Verification Result
Timestamp
05

The right method for every storage medium

Not every storage medium calls for the same approach.

Traditional hard drives, SSDs, mobile devices and server storage have different technical properties and sometimes require a different method of processing.

The sensitivity of the data also plays a role in the choice between erasing, sanitizing or physical destruction.

Device Type
Risk Classification
Selected Method
Verification
Certificate
06

When erasure is not possible

Some storage media are defective, damaged or no longer accessible.

In those situations, software-based processing cannot be carried out. Physical destruction then forms the final step of the process, so that these storage media are also demonstrably and permanently taken out of use.

This processing is likewise recorded within the audit trail and project documentation.

Media Detected
Sanitization Impossible
Physical Destruction
Destruction Certificate
07

Demonstrably recorded

Data destruction is only valuable when it has been demonstrably carried out.

That is why the method applied, certificates, serial numbers and project data are recorded within one verifiable file. This gives organizations the documentation they need for audits, compliance obligations and internal controls.

Available Documentation
  • Sanitization Certificates
  • Destruction Certificates
  • Audit Reports
  • Asset Records
  • Project Documentation

Frequently asked questions about data destruction

Which method is applied to my storage media?

That depends on the type of storage medium and the security requirements. Based on this, a choice is made between Clear, Purge or physical destruction to NIST 800-88. The chosen method is recorded in the project file.

What is the difference between Clear, Purge and physical destruction?

With Clear, data is overwritten and no longer accessible to regular users. With Purge, additional techniques make recovery practically impossible, even with specialized tools. With physical destruction, the storage medium is physically destroyed and permanently rendered unusable.

Can data destruction take place at our own location?

Yes. For environments where storage media may not leave the premises, processing can take place entirely on site, for example in a server room or datacenter. Where transport is permitted, processing takes place within a secured facility.

Which certificates do I receive?

Depending on the method applied, you receive erasure certificates, destruction certificates and additional audit information. This documentation is linked to the relevant storage medium and made available centrally within the project file.

What happens to defective storage media?

Storage media that are defective, damaged or no longer accessible cannot be processed via software. Physical destruction then forms the final step, so that these media are also demonstrably and permanently taken out of use. This too is recorded in the audit trail.

How is the processing documented?

The method applied, certificates, serial numbers and project data are recorded within one verifiable file, so it remains demonstrable which method was applied and when processing took place.

Erase data before hardware leaves your organization

Process storage media to NIST 800-88, supported by certificates, audit documentation and a verifiable process.