Home » Latest News » Have You Considered the Importance of Your Data Destruction?
Share this on LinkedInShare this on FacebookTweet this pageRecommend to a friendPrint this page

Have You Considered the Importance of Your Data Destruction?


Delighted to see our in house and mobile disk destruction platforms running at speed!

160 x 6tb drives being wiped to DOD standards simultaneously. And that is not at full capacity either.

ADISA certified Disk Erasure station

Covenco ADISA certified Disk Erasure Station

As an ADISA certified ITAD, Covenco have a long understood the importance of good process for data security. Good business practice requires that broken, damaged, or redundant IT equipment needs to be disposed of correctly ! Currently only one company in the UK (ADISA) are backed by UKAS and the ICO (Information Commissioners Office) to be able to provide a standard for ITAD companies to certify against.

In my experience, I find companies of all sizes and backgrounds have a very varied approach, and levels of ‘concern’ regarding their data destruction methods. It surprises me. I would have thought it was equally important how data is processed at the end of life, as it is when in use. I have a simple ten step thought process that I outline with Covenco clients to help them consider the end-of-life choices. And protect themselves, their business, and its reputation!

  1. Value recovery vs. total destruction – a simple question of whether there is enough value in the asset to warrant selling it (and how to clean it thoroughly before), or whether to completely destroy the asset beyond data recovery. Bare in mind, when we say beyond data recovery, a few centimeters of tape will contain 1,000’s of records. So even total destruction needs careful consideration.
  2. What in house tools can you use 1st? – I am not suggesting a drive format is good enough to meet your data destruction requirements! But, it has its uses. Before sending your valuable data off site to be properly processed, a simple format / drive wipe will thwart most amateur hackers. And provide a minimum of protection at the outset should an asset go missing.
  3. Identify ‘fully’ what is being disposed. – This is fundamental, yet it surprises me how few people consider this. If you do not EXACTLY agree what is being collected with your ITAD, you can unwittingly create a data breach. Was it 8 or 9 drives that left the building? If 9, why have the ITAD only sent a certificate for 8? You can’t remember and they did not check. Now you have the concern that maybe a drive is missing, maybe in the courier’s van? And, by the law, that would likely constitute a data breach. Please, if you take no other steps – fully agree the asset disposal list! Its FUNDAMENTAL.
  4. Agree a time line to data safety – all good ITAD’s, and certainly all ADISA members, will be able to tell you how long it will take for assets to be erased or destroyed. In pother words, how long are you exposed?
  5. Collection and chain of custody – is there a solid chain of custody from you to the ITAD? Signatures and checks to confirm handover, you to the courier, courier to the ITAD. Does the courier have tracking on the vehicle? Have they been instructed / pledged to never leave the assets unattended – i.e. is the vehicle double crewed if they stop for fuel, a rest stop etc.
  6. Storage – check security. While YOUR data sits in the ITAD, how exposed are you? ADISA check physical security (cameras, alarms etc), access control processes, personnel and asset segregation at their member sites.
  7. What method to choose? – this is important, and links to whether there is value in the asset. If you are physically destroying, to what level? Standards exist to sizes of disk and tape fragments. Or if a disk / tape wipe – what is the method, the software involved, how many passes etc ? Again, ADISA put place in checks to randomly ensure data is unrecoverable on processed assets at their ITAD partners.
  8. Systems of record – you will, of course, expect a destruction record. But I have seen that simply say ‘220 disks’ at an unnamed site! It should be exactly the assets, record the serials and dates at the very least.
  9. Waste or Resale – this pertains to the asset after cleansing and speaks to your companies Green agenda. How does your ITAD process waste and what certificates do they have in place? Or better still, will they data wipe and resell? Nothing is more eco-friendly than getting more use out of an old asset rather than landfill or recycle.
  10. Don’t lose Sleep – a trite point, but by thinking through steps 1-9, you should be risk free on your asset disposal. Or as close as is possible. No IT Manager or CTO wants to report a data breach to the board. And in my opinion, ITAD disposal is one area where some simple and probably obvious choices can hugely reduce that likelihood.

If this has made you think twice about your data destruction or you want some advice – don’t hesitate to get in touch – our experienced team can solve all your data security worries.

Contact Covenco about 'Have You Considered the Importance of Your Data Destruction?'

This entry was posted in News. Bookmark the permalink.