Our certified data destruction service carries a lot of certifications that may seem overwhelming if you don’t know a whole lot (or anything, for that matter) about data destruction certifications or data sanitization methods. If you are like most people, you will feel more at ease when seeing that the “U.S. Department of Defense” backs one of our certifications, but that doesn’t mean that you know any more about what protection the certification actually provides. Apart from that, there are some other certifications that essentially mean nothing to you if you are not in the IT asset remarketing business. Today we will briefly explain what each of the certifications means to you and your turned-in tech, and why you can rest assured that we are keeping your data safe.
U.S. Department of Defense 5220.22-M
The U.S. Department of Defense 5220.22-M, also referred to as the National Industrial Security Program (NISP), is actually an operating manual created by the government in response to Executive Order 12829 on September 27, 2004. This 140+ page manual describes the “baseline standards for the protection of classified information released or disclosed to industry in connection with classified contracts under the NISP.” In other words, it lays out all of the standards for protecting the government’s classified information, including suggestions on data sanitization. These standards have been adopted by data destruction companies like ours and are now commonly found in data wiping software.
HIPAA and PCI
The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996 for the federal protection of health information of “covered entities and their business associates.” It protects individuals’ health information by limiting who can view or communicate private health information “whether electronic, written, or oral.” By being HIPAA compliant, companies agree to follow this federal law by never exposing protected health information to any unauthorized parties or practitioners.
The Payment Card Industry Data Security Standard (PCI DSS), abbreviated on our site as PCI, is defined on the official website as “comprehensive standards and supporting materials to enhance payment card data security.” The PCI DSS is a resource for companies to ensure they are providing maximum protection to consumers’ credit card information. It also defines a payment card data security process in the event of a security risk or data breach.
Following financial scandals and misrepresentations (led by Enron) occurring from 2000 to 2002, the Sarbanes-Oxley Act of 2002 was established to regulate “financial practice and corporate governance.” It aims to keep companies honest through internal and external auditing standards, and holds CEOs and CFOs accountable for financial statements reported to the government.
NIAP’s EAL4+ Security Standard
The data sanitization software used by IT Liquidators is the only data erasure software that is certified by the National Information Assurance Partnership’s (NIAP) EAL4+ Standard. In order to be given this validation, the software was tested in “an accredited testing laboratory using Common Methodology for IT Security Evaluation for conformance to the Common Criteria for IT Security Evaluation.” By receiving this validation under the rigorous testing conditions, the NIAP ensures that no data is left over after a wipe event is performed by the software and therefore remains secure from breach.
Protecting your data is of the highest priority at IT Liquidators, and if you are planning on disposing of or selling your old or excess IT assets, you should be sure to use a company that adheres to the topmost industry security standards. Part II of this blog will define the remainder of the standards adhered to by IT Liquidators’ certified data destruction and sanitization services.
For more information on our certified data destruction services, visit our webpage here.