Data Deletion Standards used by 3R-iT

Secure Data Deletion

Data Security

You are probably aware of the recent media interest regarding the security of IT data and the impact on businesses and public bodies when sensitive data escapes in to the public domain.

Several high profile data breaches from government departments have made the headlines in the past year, and the Information Commissioner has taken enforcement action against a number of companies following the loss of their customer data. 

Instances have also been publicised where sensitive data has been obtained through network equipment purchased on the internet.

Whether it's sensitive, personal or corporate information, you can rest assured that we take data security every bit as seriously as you do.

Our Data Destruction Standards are amongst the world's HIGHEST.

We provide complete peace of mind by guaranteeing all aspects of your data is properly deleted using BLANCCO software with GESG Level 5 security, our system has been approved for Government data cleansing here in Britain, (and in fact exceeds all the standards set by US Federal Government).

We also use WiebeTech's Drive eRazer Technology as a secure stand-alone for drives that have already been removed as it is faster than software programs, and doesn't require a computer to securely wipe all data.

On network equipment our centres will undertake the full factory reset to default of data contained on network switches and routers ensuring all customer-specific settings are removed. 

Our data destruction standards for ICT disposal rank among the highest in the world.

ALL computers undergo as standard, a three pass scrambling of the data, where random information is written and then redeleted to every sector of the hard drive. This process will prevent commercially available data recovery software from recovering useable data from the disks and comprises our minimum standard method of data destruction. This method is compliant with, (and exceeds) the physically non-destructive aspect of the DoD 5220.22-S specifications (for Classified Data).

If required, even more rigorous processes can be carried out (see our Data Deletion Service for more details). In certain situations, the entire hard disks may be physically destroyed.

To ensure complete eradication of data from donated systems we use the following tools:

Blancco Logo Erasure Software

Blancco Ltd. is an international data security company that specialises in data destruction software and computer reuse management solutions for corporations, governments and computer remarketing companies worldwide.

Certifications

Blancco’s products exceed international security standards and adhere to international certification processes. As early as 2003, Blancco’s was the only data erasure utility to have passed confidential and top secret standards and be accredited as an HMG InfoSec-approved product by the Communications Electronics Security Group – the United Kingdom’s government information technology security regulators. Blancco’s security certificates and approvals include:

  • United States Department of Defense (USA DoD)
  • National Security Testing Lab (NSTL)
  • Communications Electronics Security Group: United Kingdom Information Technology Group (CESG)
  • Defense InfoSec Product Co-Operation Group: United Kingdom Ministry of Defense (DIPCOG)
  • Norwegian National Security Authority (NSM)
  • The Polish Internal Security Agency (ABW)
  • Netherlands National Communication Security Agency (NLNCSA)
  • TUV Hannover/Sachsen-Anhalt (TUV) – a commercial organization dealing with technical safety, the commercial efficiency of plant and environmental protection.
  • General Intelligence and Security Service of the Netherlands (AIVD)
  • Central Information Systems Security Division under the authority of the French General Secretary for National Defence (DCSSI)
  • Refurbished (reuse) Information Technology Equipment Association (RITEA)
  • NATO Recommended
  • Swedish Armed Forces

Standards

The following international deletion standards are supported by Blancco software:

  • Air Force System Security Instructions 5020
  • Bruce Schneier's algorithm
  • BSI (German overwrite standard by Federal Office for Information Security/ Bundesamt für Sicherheit in der Informationstechnik)
  • German Standard VSITR
  • HMG Infosec Standard No: 5 (baseline) [Note: Certified versions: 4.5 HMG and 3.7r1]
  • HMG Infosec Standard No: 5 (enhanced) [Note: Certified versions: 4.5 HMG and 3.7r1]
  • Navy Staff Office Publication (NAVSO P-5239-26) for RLL
  • NSA (Overwrite standard by National Security Agency)
  • OPNAVINST 5239.1A
  • Peter Gutmann's Algorithm
  • The National Computer Security Center (NCSC-TG-025)
  • U.S. Department of Defense Sanitizing (DOD 5220.22-M, DOD 5220.22-M ECE)
  • U.S. Army AR380-19
  • NIST 800-88/ATA secure erase
  • Extended NIST 800-88

Flash based erasure standards:

  • NAVSO P-5239-26 (TOP SECRET) for SSD
  • NAVSO P-5239-26 (SECRET or CONFIDENTIAL) for SSD
  • US Department of Defense Sanitizing DOD 5220.22-M for SSD

WiebetechDrive eRazer Technology

Established in July 2000 by James Wiebe, Wiebetech specialises in Data storage and security technology. Its client base includes IT professionals and computer forensic analysts who know they can count on WiebeTech products.

WiebeTech's forensic products are in use at the following agencies: FBI, Secret Service, ATF, IRS Criminal Investigation, and others. Products are also in use in a variety of foreign governments, including Canada and the UK.

Standards

The eRazer Pro provides "Secure Erase", a NIST certified method of wiping a hard drive: Secure Erase mode sequentially overwrites every single bit/track on the hard drive. Both modes overwrite data left at the end of partly overwritten blocks and directories. It better handles, data on "bad blocks".

Secure Erase could be considered even safer, since manufacturers will trigger specialised clearing commands, making sure to clear any drifting data in the otherwise untouched track margins on the drive platter.

  • Deletes all blocks including partitions and data hidden inside Host Protected Areas, even ones normally invisible to operating systems.
  • Per industry specifications for the Secure Erase feature, will leave any HPA & DCO areas (which are partitions set in firmware) intact, though all data within them is deleted (along with all other data on the drive).
  • is NIST approved method for purging data from hard drives (publication 800-88)

NIST special publication 800-88 "Guidelines for Media Sanitization" addresses Secure Erase specifically:

"Degaussing and executing the firmware Secure Erase command (for ATA drives only) are acceptable methods for purging."

You should note that degaussing will render the target drive useless. Drive eRazer does not destroy the target drive (only the data).

We're confident that no data recovery is possible with either of the methods we use.

From those friendly people at DOT-COMmunICaTions