Data security is a heavily discussed topic, the reason for which lies in its critical importance. All too common breaches continue to bring the subject back to the limelight. Experts and influences implore businesses to do more to protect their sensitive data stores. This protection shouldn’t end along with the active use of a device. Secure data destruction at the time of equipment decommissioning is absolutely vital to ensure the continued protection of any data. The data destruction and decommissioning process can be a complex one. So we’ve put together this glossary of terms to throw some light on some of the common areas of confusion.
An asset register is a complete register of your IT estate. Documenting the model, age, condition and value of each of your IT assets, the register aids businesses in developing upgrade or migration plans. Additionally, it identifies redundant equipment that needs to be securely decommissioned prior to disposal or resale.
CESG is the government’s National Technical Authority for Information Assurance and advises organisations on how to protect their information and information systems against today’s threats.
Certificate of data destruction
A certificate of data destruction records all items processed, indicating the full completion of all data destructions services and therefore serves as your proof of compliance. Organisations should ensure they receive a Certificate of Data Destruction from their security partner.
Data wiping or data erasure uses software to securely overwrite the data on a hard drive disk or other digital media. In so doing, all traces of the data are destroyed and non-recoverable. In the case of data wiping, the disk itself usually remains operable, preserving the asset for future use.
Degaussing is a demagnetising process by which the data stored on a tape or disk is destroyed through exposure to a powerful magnetic field. This process renders the hard disk inoperable and is therefore more suitable in a high security environment. The physical item, meanwhile, remains intact for easy dismantling and recycling. Stronger magnetic pulses can also be used to destroy more highly classified data.
Fair market valuation
A fair market valuation is an estimate of the value of your asset based on precedent and market knowledge.
HM Government/Corporate grade
Offering a higher level of security, HM Government/Corporate grade services are suitable for most national and government corporations, professional and financial services and also organisations with large amounts of sensitive data. It also assists organisations requiring compliance with specific statutory, regulatory or contractual duties such as with the Financial Services Authority or Security Policy Framework.
ISO is the international organisation for standardisation. Its accreditations serve as a mark that the products or services in question meet the required standards for quality, safety and efficiency. Specific ISO accreditations to look out for in relation to a data destruction provider include ISO 27001 information security management system, ISO 9001 quality management system and ISO 14001 environmental management system.
Military-grade security levels demand on-site data destruction by a security-screened individual using a highly regulated, CESG, CPNI and MOD approved, process to provide the highest level of security. In this scenario, it is likely that multiple destruction methods would be used and the service is relevant for military and diplomatic services, critical national infrastructure and law enforcement agencies.
Physical destruction means the disk or tape is physically and irrecoverably destroyed through the use of dedicated crushing or shearing equipment. This method damages the hard drive platter and/or drive mechanism and so provides a basic level of security acceptable for most SMBs. Therefore, organisations looking for a greater level of security should look to shredding and data wipe services.
Providing a greater level of physical destruction, shredding cuts or grinds equipment into smaller pieces. Which obviously provides a greater level of security. Hence, this form of destruction is suitable for disks, mobile phones and USBs.
The SME grade security bracket is suitable for most small and medium sized businesses. Also smaller charities, societies and private individuals. It complies with the standard Data Protection Act to meet basic statutory obligations and protection against ID fraud.
Waste Transfer Note
A Waste Transfer Note details the transfer of waste from one person to another. It ensures a clear audit trail as proof of compliance of each party involved in the lifecycle of a product from production through to disposal. Waste Transfer Notes must be retained for at least 2 years and produced on demand to the Environment Agency or local authority.
WEEE stands for Waste Electrical and Electronic Equipment and includes most items that use a plug or battery. The WEEE directive is a European legal standard for the secure and environmentally friendly disposal of WEEE items. The regulations with regard to WEEE are fairly complex due to different categories of equipment with different requirements. First and foremost, where equipment disposal can be avoided, it should be. Furthermore, where reuse really is an unfeasible solution, WEEE needs to be treated carefully through the correct disposal process. Electronic waste originating in the EU should also, where possible, remain within the EU for processing.
Want to learn more about our WEEE, System Decommissioning and Lifecycle Services? Check out our Value Added Services.