According to your needs and device type
Revision-proof deletion and destruction of data media
Hard disk drives - SSDs - Storage systems - End devices
according to existing standards or your specifications
We handle the deletion of data carriers and device configurations on site or off site
In the course of hardware recycling, we ensure that the data contained on the devices is deleted. In doing so, we follow recognized guidelines such as NIST800-88 and your internal guidelines.
At the latest at the end of the life cycle of a device, the question of secure and regulation-compliant data destruction arises. It is only possible to avoid erasure if the publication of the data does not have any negative impact on the company, the company assets or the persons concerned. We support you with the inventory and categorization of your hardware according to data carrier type.
Classification of data
The classification of the data determines the need for protection and thus basically the handling of the data carriers. Ideally, a guideline (Data Classification Policy) already exists in the company on the basis of which the data is classified by the individual organizational areas or per IT system.
Usually there is a subdivision into three to five protection levels according to the type of data, the possible damage to the company or persons in case of unintentional publication or according to legal regulations (e.g. GDPR, BDSG, E-Health).
Examples of protection level classifications:
+ According to possible damage caused by publication
+ GDPR Protection level concept of the LfD Lower Saxony
+ GDPR Protection Level Concept Independent Data Protection Centre Saarland
+ Official security classifications
Based on data classification, the correct procedure for data destruction can be selected. Besides the type of data carrier, ecological and economic aspects become relevant.
The guidelines of the American National Institute of Standards and Technology (NIST) are often used as an aid to selecting the appropriate process (http://dx.doi.org/10.6028/NIST.SP.800-88r1). These provide a general overview of the available methods and make recommendations regarding which erasing method should be used depending on the type of device and protection level.
It should be noted that due to the large number of systems available on the market, the NIST guidelines cannot take into account the manufacturer-specific characteristics of the products. Thus, depending on the system, there may be further options for effective data destruction.
On site or off site
In the best case scenario, verified data deletion takes place as part of the decommissioning process using pre-defined procedures, before the data carrier or device leaves the company.
Whether this is done by defined personnel or by a service provider depends on the compliance requirements of the company and the sensitivity of the data.