ERI guarantees the destruction of all data via on-site or off-site destruction methods while offering value-add services such as asset registration, serialization, destruction witnessing, and other services.
ERI offers the highest level of transparency with real time visibility and tracking of material through ERI’s robust reporting and services’ management portal, Optech™. ERI can provide the highest levels of sensitive data destruction as evidenced by our National Association for Information Destruction (NAID) AAA certifications at all facilities, the highest available certification for data destruction.
ERI provides four levels of data destruction:
This level of data destruction entails registration and serialization of data bearing assets, asset tag removal, and data sanitization or physical destruction in accordance with NIST 800-88 Rev1 to clear, purge, or destroy data based on the media and data security classification. This is by far the most common level of data destruction and meets or exceeds the requirements of most clients.
Data destruction may be accomplished by physical or software means (or both) either on-site or at an ERI facility with full security chain of custody including TSA certified drivers, lock boxes, and optional video verification of data destruction in accordance with NAID certification required procedures.
High Security Services
High security services at our facilities include dedicated destruction loads for data bearing assets escorted by the client and processed under observation by trained personnel, complying with U.S. citizen requirements, , witnessed and the recycling specs are then approved by the client. All other devices will be processed accordingly. ERI can destroy solid state data devices into particles that are nominally two millimeters edge length in size in accordance with NSA/CSS Policy Statement 9-12, “NSA/CSS Storage Device Sanitization.”
Generally reserved for government contractors and agencies, demilitarization services are similar to high security services with the addition that no non-essential personnel will be within the processing area and no other lines or activities are authorized while processing the client’s assets. All materials are escorted into the facility by both the client contractor and a government agency representative. ERI, the contractor, and government representatives will sign off on the witnessed destruction. ERI can provide sanitization, disposal, and recycling of assets up to “TOP SECRET” classification in accordance with NSA/CSS Storage Device Sanitization Manual.
ERI maintains strict security controls and protocols including physical security through video surveillance, card or biometric access to secure areas, motion detectors, walk-through and handheld detection equipment, and third-party security personnel regardless of the level of data destruction services ordered. Further, client specific processes can be defined as required to meet the unique needs of each client.
Physical Security at All 8 U.S. Processing Facilities
- Guarded Facility Business Hours
- Guarded Facility 24/7
- Fenced and Gated Perimeters
- Video surveillance of main areas and entry points 24/7
- Third-party monitored security and alarm system including motion detection
- Metal detector for performance floor entry/exit
- Secured area for Asset Management and Data Destruction with entry for authorized personnel only
- Metal detector wand and RFID card and Proxy Ready entry/exit for Secured Area
- Folding security gates on doors, loading dock doors and trucks containing material backed into loading docks
About The DoD 5220.22-M “Standard”
We often get requests to confirm we meet the DoD 5220.22-M Standard. There really is no such standard. DoD 5220.22-M is the National Industrial Security Program Operating Manual (NISPOM) last updated in 2006 that provides no specific method of data sanitization. The reference to DoD 5220.22-M is generally understood to mean an early data wiping method that was first introduced in a 1995 supplement to the NISPOM as a three pass overwrite method, but this method is no longer referenced or approved for use by the DoD or any Federal agency. Also, a seven-pass method was later documented in a 2001 memorandum and is referred to as DoD 5220.22-M ECE. ERI can certainly use either method for data sanitization but it is important to note that the generally accepted standard for regulatory compliance is NIST 800-88 R1.