Follow us: 

YouTube IconGoogle+ IconFacebook IconLinkedIn IconTwitter Icon

Data Destruction – Security Standards and Certifications Defined (Part 2)

Data Destruction Security Standards DefinedOctober 2014 marks the 11th year of “Cyber Security Awareness Month” as declared by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. To support this initiative to defend the American infrastructure against cyber-attacks, we have decided to continue to educate our customers and the general public about the different data sanitization standards that apply to the software used by IT Liquidators.

United States Military Branches’ Security Standards

Our data sanitization software follows the guidelines laid out by the different military branches to ensure proper erasure of stored information. The US Air Force System Security Instruction 5020, for example, is an official document defined by the Secretary of the Air Force that “provides guidelines and procedures for clearing and sanitizing various automated information systems (AIS) media for release outside of and for reuse within controlled environments.”

Other US Military standards that our software complies with include:

  • US Army AR380-19
  • US Navy staff Office Publication P-5329-26
  • US National Computer Security Center TG-025

International Defense and Information Security Standards

German VSITR

Our data sanitization software not only complies with numerous US data security standards, but also with international defense and information security standards. The German Verschlusssache IT Richtlinien (VSITR), translated roughly as “Classified IT Policies”, was defined by the German Federal Office for Information Security to prevent sensitive information being recovered on wiped hard drives. According to Tim Fisher, PC Support Expert at About Technology, it utilizes a 7-pass data sanitization method that prevents “most hardware based recovery methods from extracting information.”

HMG Infosec Standard No. 5 Enhanced

His/Her Majesty’s Government (HMG) Infosec Standard No. 5 Enhanced is a British Government certified data wiping and data destruction standard. It defines a 3-pass wiping method to ensure that data recovery cannot be accomplished after it has been wiped. The policy framework is overseen by the Chair of the Official Committee on Security (updated July 7, 2014 as of when this article was posted) and “describes the Cabinet Secretary and SO’s expectations of how HMG organizations and third parties handling HMG information and other assets will apply protective security to ensure HMG can function effectively, efficiently, and securely.”

Other international standards that our data sanitization software complies with include:

  • HMG Infosec Standard No. 5 Baseline
  • Canadian RCMP TSSIT OPS-II Standard Wipe
  • CIS GOST P50739-95
  • Australian Defense Signals Directorate ACSI-33 (X0-PD)
  • Australian Defense Signals Directorate ACSI-33 (X1-P-PD)
  • CSEC ITSG-06

When recycling or reselling your old or excess IT equipment, it is always best to ensure that they are using data sanitization software that complies with the strictest security standards to avoid putting your data at risk. Simply donating or recycling your equipment without having the hard drive data sanitized and wiped is never a wise decision. Make sure your team is properly decommissioning your technology and maintaining the integrity of your company’s sensitive information.

Learn more about IT Liquidator’s Certified Data Destruction services here.

Leave a Reply