Is hard drive shredding necessary?
Hard drive shredding is a secure way to ensure that personal and customer data contained in hard drives is destroyed. Hard drives store their data on what are called “platters”. Hard drive shredding ensures that these platters are destroyed. After this, the risk of information being recovered is almost nonexistent. Hard drive shredding is an approved way to destroy hard drives. It is endorsed by the National Institute of Standards and Technology (NIST), which is a United States government organization. Using a professional shredding device is the easiest way to ensure that a hard drive’s data is infeasible to recover. There are other ways to destroy data, such as through approved sanitization and degaussing methods. However, many organizations require hard drive shredding.
Will other destruction methods work, like drilling hard drives, or crushing them?
Hard drive shredding is one of the best ways to reduce the risk of a data breach. From the NIST handbook on media sanitization: “Bending, Cutting, and the use of some emergency procedures (such as using a firearm to shoot a hole through a storage device) may only damage the media as portions of the media may remain undamaged and therefore accessible”. Because of this, hard drive shredding is recommended over these methods.
How do I know my information has been destroyed after shredding?
Choosing a certified vendor to perform hard drive shredding services is important. Unannounced audits such as those performed by the National Association of Information Destruction (NAID) provide the guarantee that a vendor’s facility is secure and that their processes for hard drive shredding and destruction meet rigorous quality standards. Additionally, NAID certified vendors such as Avritek are required to provide serialized Certificates of Destruction upon completion of any hard drive shredding project.
How do NAID AAA Certified vendors protect my data?
In a nutshell, NAID AAA Certified organizations help their clients meet their regulatory compliance obligations, including: HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley), PCI (Payment Card Industry Security Standards) and FACTA (Fair and Accurate Credit Transactions Act).
- More than 1,000 operations on five continents are certified by NAID, including mobile, plant-based, paper, and computer destruction services. NAID certification is required by hundreds of government offices and thousands of private contracts.
- NAID certification is acknowledged by many accreditation programs, such as those offered by the International Association of IT Asset Managers, the Institute of Certified Records Managers, and the R2 IT asset recycling program certification offered by the Sustainable Electronic Recycling Institute (SERI).
- All NAID certified service providers are subject to regularly scheduled, onsite audits by trained, accredited security professionals. In addition, random, unannounced audits are structured so NAID certified operators will not know when they will be audited next.
- The program requires written policies and procedures for each company to ensure incident response preparedness, employee training, and regulatory compliance.
- Accredited auditors review employee background screening and training, compliance with written procedures, access controls, operational security, destruction equipment, and confidentiality agreements.
- A customer may monitor compliance by subscribing to email notifications of the service provider’s certification renewal, audit, or lapse.