Data Sanitization

Data sanitization (or clearing/wiping) is a software-based process that completely overwrites the hard drive with random zeroes and ones, effectively obscuring any residual data left on the device under several layers of meaningless binary.

Wiping drives that are simply going to be recycled is obviously a wasted expenditure. As such, companies tend to only pay to erase hard drives that retain a feasible amount of secondary market value that can offset erasure costs. However, drives that are under restrictions like HIPAA, PCI or FISMA often cannot be wiped per their compliance requirements; these drives must instead be destroyed. Proof of data destruction removes liability from your organization and provides a paper trail that ensures all data is accounted for.

For data sanitization, CentricsIT adheres to industry standard DoD 5220.22, created by the Department of Defense. For DoD 5220.22, the standard number of overwrites is 3, extended is 7 (two runs of DoD with an extra pass on top), and the “paranoia pass” is 21+, but the latter wears out the drive more quickly.

Though data sanitization does not provide the same physical assurance that the data cannot be accessed, it has its own benefits. Data sanitization is more costly than data destruction, but it is considered more sustainable because the data bearing equipment can be reused. Sanitized drives can be reused by an organization or remarketed, recovering funds for the IT department.

For all devices that have undergone data sanitization, CentricsIT provides certificates of data sanitization along with detailed reporting, when services are completed.

Security certificates and reports are important documents to have for compliance and auditing purposes. CentricsIT will make every effort to accommodate your logging and reporting requirements to help maintain compliance by any standards, whether internal to your organization or mandated by a governing authority.