Menu Hide

It’s one thing to say you were born on a specific date. But organisations, like banks, only believe it if you can produce a birth certificate. 

A data erasure certificate is the same. When someone takes your business to court over improper use of data, the certificate will save your reputation. 

If you’re considering using software for data erasure, read this article first. We discuss: 

  • The meaning of data erasure
  •  Why you need a data erasure certificate
  • Some key terms used when describing data erasure
  • Data erasure certifying bodies
  • Other questions that are bound to strike you

What is a Data Erasure Certificate? 

A Certificate of Data Destruction (CoD) is an audit document. It guarantees that the information in a digital storage device has been destroyed. 

The standards for issuing a data erasure certificate are defined by various governing bodies whose pivotal role is to protect the private data of the people. So there are various standards that the destruction method should adhere to. 

The certificate should also contain certain specific information for it to be auditable. Here are the various details that a data erasure certificate must contain:

  • A unique identifier
  • Information of the storage device erased - Model, brand, and serial numbers 
  • Information about the data erasure method used
  • Name of the data erasure software (if used)
  • Name of Technician performing data destruction or sanitization
  • Signature of the official verifying the disposal process
  • Details of verification method used
  • Results of the erasure details along with a status note

Why Do You Need A Data Erasure Certificate?

A data erasure certificate acts as proof of data wiping. It’s as simple as that. It assures that the data was destroyed in compliance with the data destruction standards. 

Here are the 4 key benefits of a Certificate of Data Destruction:

  1. Assures 100% data protection

Data sanitization is the last step in the lifecycle of data. A data erasure certificate ensures that the last step has been completed effectively. As a result, the possibility of data leakage is negated. 

  1. Ensures compliance is met

Every business is governed by standards and policies for how it must manage data. The standards are legally enforced. Some areas of compliance are:

  • The duration of how long the data can be held
  • The manner in which the storage device must be destroyed 

A CoD ensures that the required compliances are met.  

  1. Proves data destruction

The certificate of destruction proves that the data destruction strategy followed approved methods. This, in turn, gives all stakeholders peace of mind that their sensitive data is managed appropriately. 

  1. Abides by NIST Mandates 

NIST Cybersecurity Framework is considered the golden standard for data protection. A CoD is a part of the NIST SP 800-88 mandates. 

Some Key Definitions: Validation, Standards

When we were talking about Data Erasure Certification, you would’ve noticed we mention Data Erasure Validation. Though they may seem like similar concepts, data erasure validation is different.

Validation is given by a third-party organisation. Since they will have nothing to do with your organisation, a data erasure validation is considered a better proof of erasure. 

We also mentioned data destruction standards. 

Data erasure standards are the rules that an organisation must abide by in its data management policy. To be eligible for a data erasure certification, the organisation should follow the standards.  

Data Erasure Certifying Bodies

Certificates of Data Erasure are awarded by various bodies. Some operate internationally while others are region-specific. 

A certified data erasure software issues a data eraser certificate. But for them to be able to do so, the data erasure software should adhere to the standards set by the certifying body. 

For example, to be ‘NIST-certified’, the software you use for data destruction must adhere to NIST guidelines. BitRaser, for instance, is an NIST-tested and approved data erasure software.

Here are some of the data erasure certifying bodies:

  1. Common Criteria (ISO 15408) 

The Common Criteria validates that a product satisfies a set of security requirements. It was developed as a collaborative effort of 6 countries.

  1. ANSSI 

This is the French National Cybersecurity Agency. The agency proposes guidelines for the protection of information systems. 

  1. NYCE

NYCE is a National Standardization Organization based in Mexico. It provides recommendations and certifications worldwide for various industries including telecommunications and IT. BitRaser is an NYCE-certified data erasure software. 

  1. NIST

NIST was founded in 1901 and is a part of the U.S. Department of Commerce. Its Guidelines for Media Sanitizations is considered the worldwide benchmark.

Here are some third-party validations and endorsement bodies:

  1. STQC

Standardization Testing and Quality Certification (STQC) Directorate is a Government of India service. STQC is a third-party certification agency that provides quality assurance certificates for a variety of industries. BitRaser Drive Eraser holds an STQC certification. 

  1. ADISA 

ADISA is a certifying body that provides asset disposal certificates to organisations. The IT Asset Recovery Certification scheme focuses on asset recovery and media sanitization. The ADISA Standard 8.0 is approved by the UK Information Commissioner's Office. BitRaser is tested and certified by the ADISA Claims Test. 

  1. Ontrack

Ontrack is a data recovery and management business. It also provides Data Erasure Verification endorsements. BitRaser has an Ontrack endorsement.

Data Erasure Certification: A must, not a compromise

Using data erasure software that follows guidelines is one thing. But the software should be able to provide you with a document that verifies that data is erased.

And even if software generates this report, it may not stand in a court of law unless it is auditable. The tool you use should be validated and certified by data privacy governing bodies. 

Having this document can save your business from litigation and give your product more trust among users. 

Data Erasure Certification: FAQs

What is a Certificate of Erasure?

Proof of erasure or proof of secure erasure (PoSE) is a protocol followed by embedded devices. The certificate proves to a verifying party that all its writable memory has been overwritten.

The PoSE is used to ascertain that no malware exists in an embedded device. 

What is the most secure method of data erasure?

Most data erasure methods rely on passes, i.e. the number of times the device is overwritten. The Gutmann Algorithm uses 35 passes to overwrite data in a device. Hence, it is considered one of the best.

Physical data destruction, like degaussing, is also a fool-proof method of destruction for magnetic tape devices. But, this renders the device unusable. 

What are the methods of data sanitization?

There are typically four methods of data sanitization – physical destruction, data masking, data erasure, and cryptographic erasure.

Physical destruction uses methods like shredding or incineration to destroy the device.

Data Masking is a method where the data is essentially faked. It includes character shuffling, word randomization, and word replacement. This makes the data encoded. 

What is the difference between data deletion and data erasure?

Data deletion is when you remove a file from a visible location on the device. SHIFT+DEL is an example.

Data erasure wipes the data from the storage media. Erasure aims to make the file unrecoverable. Overwriting is a form of data erasure.  

How do you permanently erase data so that it cannot be recovered?

A certified data erasure software is the best way to erase data from devices. 

100% of people found this article helpful