THIRD PARTY VERIFICATION
“Two types of verification should be considered. The first is verification every time sanitization is applied…” National Institute of Standards and Technology 800-88
Understanding how to properly dispose of data media and verify that the data is properly destroyed and non-recoverable is a job best left to the professionals. Even tiny fragments of data not destroyed properly can reveal untold amounts of information about you, your business and your customers. Why take the risk?
For some organizations, either because of policy or budget, it is not feasible to let professionals properly dispose of media. For these organizations it is imperative that they use third party verification companies to certify their methods and tools. Many standards organizations require third party verification no matter who performs the actual data destruction.
The National Association for Information Destruction (NAID) is an organization that continues to set the standards for information destruction. NAID has set forth policy that a sampling of media needs to be sent to a third party for verification. NAID recommends four total drives be verified by a third party:
“NAID AAA Certification of Sanitization Operations requires the forensic analysis of four sanitized hard drives, two randomly selected from the applicants processed inventory and two control-drives containing known data”.
A US Government entity, the National Institute of Standards and Technology or ‘NIST’ has also started to put in place a requirement for third party verification in its latest version of NIST 800-88. The recommend two different choices, either verification of every piece of media after sanitization or a representative sampling:
“Two types of verification should be considered. The first is verification every time sanitization is applied (where applicable, as most Destruct techniques do not support practical verification for each sanitized piece of media). The second is a representative sampling verification, applied to a selected subset of the media. If possible, the sampling should be executed by personnel who were not part of the original sanitization action. If sampling is done after full verification in cases of low risk tolerance then a separate validation tool than the one used in the original verification should be used.”
As experts in data security, CPR Tools is the natural choice to ensure that data has been completely eradicated.
For organizations which have eradication paradigms in place, CPR Tools will verify a statistical sampling of drives which have been put through the organizations process and will document the findings to aid in record keeping for audit and compliance purposes.
Whether the data has been eradicated using erasure techniques, degaussing, or another form of eradication, CPR Tools will act as your partner ensuring that your practices are working and meeting applicable laws and regulations.
As experts in data security, we are the natural choice to ensure that data has been completely eradicated from your device. Let us help you ensure your information is secure.
Employees who have successfully completed background investigations will conduct all verification in a secure facility. As an active data recovery company, obtaining media for parts is an integral part of our business. Thus there are two different price schedules that are based on whether or not we have to return the media.
All media will be certified as having the usable data cleared and a Certificate of Verification will be shipped, along with any media, to the customer via CD. Electronic downloads of Certificates of Verification will also be available.