Hard Drive Certificate of Destruction
The National Institute of Standards and Technology (NIST) has developed Guidelines for Media Sanitization – NIST 800-88. This document assists organizations in implementing a media sanitization program with proper and applicable techniques and controls for sanitization and disposal decisions considering the security categorization of the associated information confidentiality. The Internal Revenue Service’s IRS Publication 1075 Media Sanitization Guidelines’ follows the guidance set forth in NIST SP 800-88 for media sanitization and destruction.
Conforming with NIST 800-88 Media Sanitization requires more than simply shredding or erasing hard drives. Proper reporting is required under NIST 800-88. The following document is only a portion of the guidelines set forth by the National Institute of Standards and Technology.
NIST 800-88 states that disk drives containing high security information should be shredded when leaving our custody. All of the information on our system is high security – so we shred.
HARD DRIVE SHREDDING OR ERASING
NIST 800-88 describes three methods for sanitizing hard disk drives, 1) erasing, 2) degaussing and 3) shredding. NIST 800-88 considers physically shredding hard drives the most secure form of data destruction and should be used for confidential information. Maybe that’s why Hillary Clinton shredded hard drives instead of erasing or degaussing.
IRS Publication 1075 Media Sanitization Requirements
E-Waste Security of Hard Drive Shredding
skdjfl;ajsgio;hqwIRS Publication 1075 clarifies the implementation of electronic media sanitization. In general, IRS 1075 follows the guidelines set forth in NIST SP 800-88, Guidelines for Media Sanitization.
The IRS policy provides specific guidance on techniques that should be used for Federal Tax Information (FTI) by clearing, purging and destroying the FTI based on the type of media housing the FTI. Verifying the selected information sanitization and disposal process is an essential step in maintaining confidentiality. Generally, destruction should be witnessed by an agency employee.
The decision to erase or physically destroy hard drives should be based on your organization’s policies and procedures governing data security and destruction. Many business and organizations are now required to have a written Identity Theft Prevention Program per the Federal Trade Commission’s Red Flags Rule.
E-Waste Security has provided NIST 800-88 hard drive destruction services to governmental agencies such as the Jet Propulsion Laboratory and NASA as well as Fortune 100 corporations.
If your data destruction project needs to comply with NIST 800-88, HIPAA, HITECH, GLBA and FACTA we can help.