Data securityData security is a heavily discussed topic, the reason for which lies in its critical importance. All too common breaches continue to bring the subject back to the limelight with experts and influences imploring businesses to do more to protect their sensitive data stores. This protection shouldn’t end along with the active use of a device. Secure data destruction at the time of equipment decommissioning is absolutely vital to ensure the continued protection of any data. The data destruction and decommissioning process can be a complex one, however, so we’ve put together this glossary of terms to throw some light on some of the common areas of confusion.

 

Asset register

An asset register is a complete register of your IT estate. Documenting the model, age, condition and value of each of your IT assets, the register aids businesses in developing upgrade or migration plans and identifying redundant equipment that needs to be securely decommissioned prior to disposal or resale.

CESG

CESG is the government’s National Technical Authority for Information Assurance and advises organisations on how to protect their information and information systems against today’s threats.

Certificate of data destruction

A certificate of data destruction records all items processed, indicating the full completion of all data destructions services and therefore serves as your proof of compliance. Organisations should ensure they receive a Certificate of Data Destruction from their security partner.

Data wipe

Data wiping or data erasure uses software to securely overwrite the data on a hard drive disk or other digital media. In so doing, all traces of the data are destroyed and non-recoverable. In the case of data wiping, the disk itself usually remains operable, preserving the asset for future use.

Degaussing

Degaussing is a demagnetising process by which the data stored on a tape or disk is destroyed through exposure to a powerful magnetic field. This process renders the hard disk inoperable and is therefore more suitable in a high security environment. The physical item, meanwhile, remains intact for easy dismantling and recycling. Stronger magnetic pulses can also be used to destroy more highly classified data.

Fair market valuation

A fair market valuation is an estimate of the value of your asset based on precedent and market knowledge.

HM Government/Corporate grade

Offering a higher level of security, HM Government/Corporate grade services are suitable for most national and government corporations, professional and financial services and organisations with large amounts of sensitive data. It also assists organisations requiring compliance with specific statutory, regulatory or contractual duties such as with the Financial Services Authority or Security Policy Framework.

ISO

ISO is the international organisation for standardisation as its accreditations serve as a mark that the products or services in question meet the required standards for quality, safety and efficiency. Specific ISO accreditations to look out for in relation to a data destruction provider include ISO 27001 information security management system, ISO 9001 quality management system and ISO 14001 environmental management system.

Military Grade

Military-grade security levels demand on-site data destruction by a security-screened individual using a highly regulated, CESG, CPNI and MOD approved, process to provide the highest level of security. In this scenario, it is likely that multiple destruction methods would be used and the service is relevant for military and diplomatic services, critical national infrastructure and law enforcement agencies.

Physical destruction

Physical destruction means the disk or tape in question is physically and irrecoverably destroyed through the use of dedicated crushing or shearing equipment. This method damages the hard drive platter and/or drive mechanism, providing a basic level of security acceptable for most SMBs. Organisations looking for a greater level of security should look to shredding and data wipe services.

Shredding

Providing a greater level of physical destruction, shredding cuts or grinds equipment into smaller pieces, providing a greater level of security. This form of destruction is suitable for disks, mobile phones and USBs.

SME grade

The SME grade security bracket is suitable for most small and medium sized businesses, smaller charities, societies and private individuals and complies with the standard Data Protection Act to meet basic statutory obligations and protection against ID fraud.

Waste Transfer Note

A Waste Transfer Note details the transfer of waste from one person to another to ensure a clear audit trail as proof of compliance of each party involved in the lifecycle of a product from production through to disposal. Waste Transfer Notes must be retained for at least 2 years and produced on demand to the Environment Agency or local authority.

WEEE Directive

WEEE stands for Waste Electrical and Electronic Equipment and includes most items that use a plug or battery. The WEEE directive is a European legal standard for the secure and environmentally friendly disposal of WEEE items. The regulations with regard to WEEE are fairly complex due to different categories of equipment with different requirements, but first and foremost, where equipment disposal can be avoided, it should be. Where reuse really is an unfeasible solution, WEEE needs to be treated carefully through the correct disposal process and electronic waste originating in the EU should also, where possible, remain within the EU for processing.

 

Follow us on LinkedIn, Twitter, Facebook or Google+ to make sure you never miss a post.

About HardwareLifecycle

HardwareLifecycle (a division of Hardware Group) ensures complete support throughout the full lifecycle of your IT assets, helping you balance your evolving technological requirements with your available resources. ISO security and quality certified, with extensive repair and refurbishment facilities, third-party support, buy-back, decommissioning and disposal services and a team of highly skilled engineers, we are able to address the financial, logistical and environmental challenges of your IT asset lifecycle with ease. For more information, please visit www.hardwarelifecycle.com.