Data is one of the most valuable assets your business possesses. It is a precious commodity, containing information relating to your business, your clients, your customers and your employees. The use of data is also heavily regulated, with legislation such as the GDPR designed primarily to protect the rights of individuals in relation to how their personal information is handled by organisations.
Organisations are required to fully comply with the GDPR in terms of how they process sensitive information, and great sums have been invested in ensuring businesses do not fall foul of the GDPR’s much-publicised data breach fines.
There is significantly less attention focussed on the management of end of life data, however, particularly that which is subject to the process of data destruction. Admittedly, this is a specialist practice, and companies should not undertake any form of data destruction without first consulting a fully qualified IT asset disposal partner who can advise you on the best course of action to take. However, you will want to ensure that your ITAD partner is complying with all regulations when they dispose of your data.
In this article, we take a look at some of the key standards your ITAD vendor needs to comply with when undertaking data destruction in the UK.
What is Data Destruction?
Before looking at the standards you need to adhere to, it is worth examining precisely what data destruction is, and what the process entails. In essence, data destruction is the process of safely and securely destroying sensitive data. In the context of IT asset disposal, data destruction refers to the sanitisation of data contained on data-bearing devices such as hard drives, servers, hard disks, and mobile devices.
There are three distinct methods of secure data destruction, each of which has unique benefits and disadvantages to consider. The three main methods of data destruction are:
- Overwriting – In the process of overwriting, old files are ‘overwritten’ with new files. This is also known as data erasure.
- Degaussing – Degaussing uses specialist hardware to erase the magnetic field contained in storage media, making it unreadable.
- Physical Destruction – This process entails the physical destruction of data-bearing devices through methods such as disk shredding.
To learn more about data destruction, read our article on data destruction methods.
Data Destruction Standards
There are many data destruction standards referring to the safe and secure practice of data destruction in the UK, covering software erasure, degaussing and physical destruction. In this section, we detail some of the most important standards and regulations, all of which tier1 maintain full compliance with.
The National Cyber Security Centre (NCSC), formerly known as CESG, is a government body that deals specifically with the secure sanitisation of storage media. The body provides best practice guidance on secure methods of data sanitisation, and independently tests and verifies data destruction methods.
The Centre for the Protection of National Infrastructure (CPNI) sets the standard in the process of physical data destruction in the UK. The CPNI provides guidance on physical security, personnel security and cybersecurity in the public and private sectors. Onsite data destruction falls under this umbrella, with the CPNI defining the best practices for the secure onsite destruction of sensitive data.
The Assured Service (Sanitisation) Scheme (CAS-S) is an accreditation offered by the NCSC for companies who provide data destruction and sanitisation services to the owners of classified government data.
CAS-S accreditation confirms that the company in question is able to provide the highest possible levels of data destruction and sanitisation, officially graded as ‘secret’ by the UK government.
The Asset Disposal and Information Security Alliance (ADISA) is a certification body that deals with the broader best practices around data destruction and IT asset disposal. The body is composed of a group of experts within the IT asset disposal industry who set the standard for how data is managed throughout its lifecycle. Accreditation by ADISA confirms that an organisation is fully compliant with the accepted best practices of IT asset disposal and data destruction.
Cyber Essentials is a UK government-backed scheme designed to help organisations to protect themselves from cyber-attacks. The scheme is broad and wide-ranging and aims to ensure that businesses are following basic best practices in the management of data, including how it is handled at the end of life.
tier1 are the UK’s most Accredited ITAD Provider
As the UK’s most accredited ITAD provider, tier1 provide a wide range of onsite and offsite data destruction services. Our highly skilled and qualified team possess the experience and the accreditations to ensure your business remains fully compliant in the process of sanitising your end of life IT assets.
We understand the value of data, and the importance of ensuring it is protected throughout its lifespan. EOL IT Services possess a wealth of data destruction and IT asset disposal accreditations, including:
- ISO 27001: Security Management System
- Cyber Essentials
Our data destruction team are highly experienced, police vetted, DBS checked, and credit checked in line with the BS 7858 standard.
With over 25 years’ industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care it deserves, and to dispose of it responsibly and legally.
Contact us today on 0161 777 1000 or visit https://www.tier.com to find out how we can help you dispose of your data safely and reliably.