Blog January 26, 2024

How to select a data destruction provider (a checklist)

Checklist for Selecting a Gold-Standard Data Destruction Provider

When selecting a data destruction services provider or partner, there are two crucial objectives you should aim to achieve:

1. Prevent data breaches.
2. Obtain verification of 100% data destruction.

To help you fulfill these goals, we have compiled a comprehensive checklist titled “How to Choose a Gold-Standard Data Destruction Provider.” By following this checklist, you can ensure that your chosen data destruction provider delivers the necessary services and provides a supported, defensible Certificate of Data Destruction, should you require it.

Checklist for Selecting a Gold-Standard Data Destruction Provider:

1. NAID AAA Certification: Choose an organization that holds this certification, as it demonstrates compliance with data privacy laws and proven expertise in data destruction.

2. Onsite Data Destruction: Opt for providers that eliminate the risk of data and device loss during transit.

3. Reporting: Look for comprehensive verification reports that detail device information, destruction methods, audit results, item serial number scans, inventory validation and reconciliation, chain of custody information, and any specialized compliance reports.

4. Confidentiality Agreement: Ensure that the selected provider offers a confidentiality agreement to safeguard your data.

5. Certificate of Data Destruction: Request a digital Certificate of Destruction from the provider before they leave the premises. Additionally, ensure that all agreed-upon reporting and verification documents, including video links if applicable, are provided within a week of job completion.

6. Chain of Custody: Obtain full documentation of all asset transfers for destruction, including specific locations, dates, custodial names, and other pertinent details to comply with regulatory requirements.

7. Erasure Verification: Choose a provider that utilizes software to track and record the data sanitization process. The reporting and certificate of data destruction should include relevant details such as report ID, client name, equipment brand and model, equipment serial number, RAM and HDD sizes, model and serial numbers of HDDs, disk sanitizing method, number of passes performed, and number of bad sectors.

8. Physical Destruction Verification: Ensure that the provider offers secure shredding services to guarantee complete destruction of physical media.

By considering these factors and using the checklist, you can select a data destruction provider ensuring data security.