Every company or institution has to deal with outdated and/or surplus IT hardware. You would, of course, like to dispose of this hardware safely and responsibly. Often, the hardware also contains data. Data that you own as a company or institution. You want these data to be destroyed professionally.
There are many questions to consider before handing over your (old) data-carrying hardware. Should the data carriers be destroyed in their entirety? If so, how should this be done? Can the data carriers be reused after they have been made data-free? If so, what method should be used to erase the data?
“5 tips to consider when disposing of and having your data carriers destroyed”
When destroying data carriers, always ask the company how the data carriers are collected. Count the data carriers (hard disks) and always make sure that the number is stated on the CMR or the consignment note. Also make sure that the company collecting the data carriers uses packaging that can be closed and sealed.
Do you want your hard disks to be shredded? Ask the company shredding the hard disks what standard is used. A standard that is often used when destroying hard disks is DIN 66399 protection class 3, safety level H5. Since 2013, DIN 66399 has been the European standard for the complete process of shredding or destroying all types of data carrier. Protection class 3 is a very high protection level and H5 describes the destruction of hard disks with a maximum shredder size of 320 mm²
Always ask the company for a certificate of destruction. Make sure that the certificate contains at least the following information:
– Date of receipt by the company;
– Date of destruction;
– All serial numbers of the destroyed data carriers;
– Name of the supervisor;
– The way in which the data carriers were destroyed.
If you allow the data carriers to be erased or wiped, always ask how this is done. Holland Recycling is a certified Business Partner of Certus Software, the only EU-based service provider for the erasure of data. The software is certified according to the National Cyber Security Centre (NCSC) and Common Criteria EAL3+. This is currently the highest recognised security standard in the EU for data destruction. Depending on external or internal compliance regulations, for example the GDPR, you can choose from 21 different erasure methods to comply with them.
When wiping data carriers, you should also always ensure that you receive a Certified Data Erasure Report. This report is important for you as the disposer of the data and provides insight into the overwriting methodology used. You can then check whether the company has erased the data carriers as agreed.
Want more tips? Feel free to contact us. Our passionate staff would be happy to discuss all matters with you.