3-Pass DoD Data Destruction

[show_avatar email=eoghancrosby align=left]Six years after the revi­sions and more research and data on san­it­iz­a­tion, people still ask about DoD 3-pass san­it­iz­a­tion. The truth of it is at this point it doesn’t exist. The DoD has decided that secure inform­a­tion that must remain secure must be des­troyed. NIST has restated in clear terms that a two per­son rule (read human veri­fic­a­tion) shall be imple­men­ted, but no guidelines as to what method of san­it­iz­a­tion (it could be a single wipe with dual human veri­fic­a­tion, or a single destruc­tion with the same).Forensic Data

In today’s data rich envir­on­ment com­pan­ies and indi­vidu­als should take into con­sid­er­a­tion there unique risk vs. value pro­pos­i­tions. The tools are avail­able to address any level of secur­ity issue. As a com­pany we provide many levels of ser­vice from destruc­tion only to san­it­ize and resell. Even as the ser­vice pro­vider we are tak­ing into con­sid­er­a­tion what risk we take when we place a pro­gram for our cli­ents. Not only do we help inter­pret the guidelines but we too have to make the same decisions that our cli­ents do every­day. Does this pro­cess provide enough value to bal­ance the risk? It seems like an easy ques­tion but an entire industry has been cre­ated over the last 17 years over what is a low enough risk. What the industry is focus­ing on now is an edu­cated opin­ion when put­ting together your pro­gram, with best prac­tices and policies that can be imple­men­ted into your own data risk mit­ig­a­tion practices.

Source: James Griffin, LifeSpan Tech­no­logy Recycling

Share Inter­rec

Technical Director at Interrec B.V Ireland, providing zero cost computer recycling & data destruction services in Ireland & the UK. Contact me for a no-obligation quote for your ICT equipment.

Posted in Computer Recycling, Data Destruction

Switch to our mobile site