Six years after the revisions, and with more research and data on sanitization available, people still ask about DoD 3-pass sanitization. The truth is that, at this point, it doesn’t exist. The DoD has decided that secure information that must remain secure must be destroyed. NIST has restated in clear terms that a two-person rule (read: human verification) shall be implemented, but it gives no guidelines as to which method of sanitization to use (it could be a single wipe with dual human verification, or a single destruction with the same).
In today’s data-rich environment, companies and individuals should take into consideration their unique risk vs. value propositions. The tools are available to address any level of security issue. As a company, we provide many levels of service, from destruction only to sanitize and resell. Even as the service provider, we take into consideration what risk we take when we place a program for our clients. Not only do we help interpret the guidelines, but we too have to make the same decisions that our clients do every day. Does this process provide enough value to balance the risk? It seems like an easy question, but an entire industry has been created over the last 17 years around what is a low enough risk. What the industry is focusing on now is forming an educated opinion when putting together your program, with best practices and policies that can be implemented into your own data risk mitigation practices.
Source: James Griffin, LifeSpan Technology Recycling