EOL IT Services has now merged with tier1 Asset Management Ltd

Data Destruction Standards in the UK

by | Dec 3, 2019 | IT Security, News

Data is one of the most valuable assets your business possesses. It is a precious commodity, containing information relating to your business, your clients, your customers and your employees.The use of data is also heavily regulated, with legislation such as the GDPR designed primarily to protect the rights of individuals in relation to how their personal information is handled by organisations.

Organisations are required to fully comply with the GDPR in terms of how they process sensitive information, and great sums have been invested in ensuring businesses do not fall foul of the GDPR’s much-publicised data breach fines.

There is significantly less attention focussed on the management of end of life data, however, particularly that which is subject to the process of data destruction. Admittedly, this is a specialist practice, and companies should not undertake any form of data destruction without first consulting a fully qualified IT asset disposal partner who can advise you on the best course of action to take. However, you will want to ensure that your ITAD partner is complying with all regulations when they dispose of your data.

In this article, we take a look at some of the key standards your ITAD vendor need to be complying with when undertaking data destruction in the UK:

What is Data Destruction?

Before looking at the standards you need to adhere to, it is worth examining precisely what data destruction is, and what the process entails. In essence, data destruction is the process of safely and securely destroying sensitive data. In the context of IT asset disposal, data destruction refers to the sanitisation of data contained on data-bearing devices such as hard drives, servers, hard disks, and mobile devices.

There are three distinct methods of secure data destruction, each of which has unique benefits and disadvantages to consider. The three main methods of data destruction are:

Overwriting – In the process of overwriting, old files are ‘overwritten’ with new files. This is also known as data erasure.

Degaussing – Degaussing uses specialist hardware to erase the magnetic field contained in storage media, making it unreadable

Physical Destruction – This process entails the physical destruction of data bearing devices through methods such as disk shredding

To learn more about data destruction, read our article on data destruction methods.

Data Destruction Standards

There are many data destruction standards referring to the safe and secure practice of data destruction in the UK, covering software erasure, degaussing and physical destruction. In this section, we detail some of the most important standards and regulations, all of which tier1 maintain full compliance with.

The National Cyber Security Centre (NCSC)

The National Cyber Security Centre (NCSC), formerly known as CESG, is a government body who deal specifically with the secure sanitisation of storage media. The body provides best practice guidance of secure methods of data sanitisation, and independently test and verify data destruction methods.

Centre for the Protection of National Infrastructure (CPNI)

The Centre for the Protection of National Infrastructure (CPNI), sets the standard in the process of physical data destruction in the UK. The CPNI provides guidance on physical security, personnel security and cybersecurity in the public and private sectors. Onsite data destruction falls under this umbrella, with the CPNI defining the best practices for the secure onsite destruction of sensitive data.

Assured Service (Sanitisation) Scheme (CAS-S)

The Assured Service (Sanitisation) Scheme (CAS-S) is an accreditation offered by the NCSC for companies who provide data destruction and sanitisation services to the owners of classified government data.

CAS-S accreditation confirms that the company in question is able to provide the highest possible levels of data destruction and sanitisation, officially graded as ‘secret’ by the UK government.

Asset Disposal and Information Security Alliance (ADISA)

The Asset Disposal and Information Security Alliance (ADISA) is a certification body who deal with the broader best practices around data destruction and IT asset disposal. The body is composed of a group of experts with the IT asset disposal industry who set the standard for how data is managed throughout its lifecycle. Accreditation by ADISA confirms that an organisation is fully compliant with the accepted best practices of IT asset disposal and data destruction.

Cyber Essentials

Cyber Essentials is a UK government-backed scheme designed to help organisations to protect themselves from cyber-attacks. The scheme is broad and wide-ranging and aims to ensure that businesses are following basic best practices in the management of data, including how it is handled at the end of life.

tier1 are the UK’s most Accredited ITAD Provider

As the UK’s most accredited ITAD provider, tier1 provide a wide range of onsite and offsite data destruction services. Our highly skilled and qualified team possess the experience and the accreditations to ensure your business remains fully compliant in the process of sanitising your end of life IT assets.

We understand the value of data, and the importance of ensuring it is protected throughout its lifespan. EOL IT Services possess a wealth of data destruction and IT assets disposal accreditations, including:

  • ISO 27001: Security Management System
  • CPNI
  • NAID-Europe
  • Cyber Essentials
  • CAS-S

Our data destruction team are highly experienced, police vetted, DBS checked, and credit checked in line with BS 7858 standard.

With over 25 years industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibly and legally.

Contact us today on 0161 777 1000 or visit https://www.tier.com to find out how we can help you dispose of your data safely and reliably.

Recent Stories

Does AI Fight or Facilitate Cybercrime?

Does AI Fight or Facilitate Cybercrime?

Despite the splash made by ChatGPT at the end of 2022, Artificial Intelligence and Machine Learning have been part of our daily lives for some time. We use smart home devices, chatbots, voice assistants, and Netflix recommendations with little thought as to what’s...

These 5 Sustainable IT benefits will boost your business.

These 5 Sustainable IT benefits will boost your business.

The urgent need to minimise the impact our technology has on our environment stretches far beyond the moral obligation. With the future development of our organisations in mind, if we are to continue to rely heavily on the networked technologies that simplify our...

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

As cybercriminals commonly target software vulnerabilities, the assumption is easily made that cybersecurity threats come in the form of phishing, malware or ransomware. Consequently, corporate cybersecurity strategies can neglect the very foundation of the network,...