About ERI’s Data Destruction Services
ERI’s Data Destruction services guarantee the destruction of all data via on-site or off-site destruction methods while providing value-add services such as asset serialization, destruction witnessing, IT Asset Disposition (ITAD), and other services.
ERI offers the highest level of transparency with real time visibility and tracking of material through ERI’s robust reporting and services’ management portal, Optech™. ERI can provide the highest levels of sensitive data destruction as certified by our National Association for Information Destruction (NAID) AAA certifications at all facilities, the highest available certification for our industry.
ERI can destroy data on virtually any data bearing device, including hard drives, media drives, SD cards, cell phones, and more. ERI can destroy solid state data devices into particles that are nominally two millimeters edge length in size.
Types of Data Destruction Services
ERI provides multiple levels of data destruction:
Data security is at the core of ERI’s business. ERI is trusted by corporate and government customers alike, and is independently audited and certified on all our processes by NAID. ERI gets it right every time. Data destruction entails registration/serialization of data bearing assets and data sanitization or physical destruction in accordance with NIST 800-88 Rev1 to clear, purge, or destroy data based on the media and data security classification. This is by far the most common level of data destruction and meets or exceeds the requirements of most customers.
Enhanced Data Destruction
Some business sectors require a higher level of data eradication via enhanced wiping with multiple wipes or media shredding, our enhanced data erasure services offer physical or software destruction methods (or both) either on-site or at a secure ERI facility with full chain of custody, including Transportation Security Administration (TSA) certified drivers, lock boxes, and optional video verification of data destruction in accordance with NAID certified procedures.
High Security Services – Observed Data Destruction
High security services at our facilities include dedicated destruction loads for data bearing assets escorted by the customer and processed under observation by the customer as well as highly trained security personnel, complying with the customer’s specific requirements and applicable data security regulations. All other devices will be processed according to NSA/CSS Policy Statement 9-12, “NSA/CSS Storage Device Sanitization”.
On-site Data Destruction/Shredding
For businesses that dictate a higher level of data security via shredding of data bearing devices on-site, our on-site data shredding services offer physical destruction methods with a full on-site chain of custody and traceability of all media processed.
Generally reserved for government contractors and agencies, demilitarization services are similar to high security services with the addition that no non-essential personnel will be within the processing area and no other lines or activities are authorized while processing the customer’s assets. All materials are escorted into the facility by both the customer’s contractor and a government agency representative. ERI, the contractor, and government representatives will sign off on the witnessed destruction. ERI can provide sanitization, disposal, and recycling of assets up to “TOP SECRET” classification in accordance with NSA/CSS Storage Device Sanitization Manual.
ERI maintains strict security controls and protocols including physical security through video surveillance, card or biometric access to secure areas, motion detectors, walk-through and handheld detection equipment, and third-party security personnel regardless of the level of data destruction services ordered. Further, customer specific processes can be defined as required to meet the unique needs of each customer.
Physical Security at All 8 U.S. Processing Facilities
- Guarded Facility Business Hours
- Guarded Facility 24/7
- Fenced and Gated Perimeters
- Video surveillance of main areas and entry points 24/7
- Third-party monitored security and alarm system including motion detection
- Metal detector for performance floor entry/exit
- Secured area for Asset Management and Data Destruction with entry for authorized personnel only
- Metal detector wand and RFID card and Proxy Ready entry/exit for Secured Area
- Folding security gates on doors, loading dock doors and trucks containing material backed into loading docks
About The DoD 5220.22-M “Standard”
We often get requests to confirm we meet the DoD 5220.22-M Standard. There really is no such standard. DoD 5220.22-M is the National Industrial Security Program Operating Manual (NISPOM) last updated in 2006 that provides no specific method of data sanitization. The reference to DoD 5220.22-M is generally understood to mean an early data wiping method that was first introduced in a 1995 supplement to the NISPOM as a three pass overwrite method, but this method is no longer referenced or approved for use by the DoD or any Federal agency. Also, a seven-pass method was later documented in a 2001 memorandum and is referred to as DoD 5220.22-M ECE. ERI can certainly use either method for data sanitization but it is important to note that the generally accepted standard for regulatory compliance is NIST 800-88 R1.