Without a plan or system to follow when searching for data destruction, getting what your business needs can be challenging. Setting a plan to dispose of your client or customer data is vital to protecting your business reputation and preventing a data breach.
Our short guide will help you decide what you need to look for when choosing a service. Knowing what options will suit your needs best is the key to creating a data destruction plan which can be successfully followed in the future. From service types to level of security, we’ve got you covered with what you need to know to ensure safe destruction.
Define your needed level of destruction
As there are different kinds of services you can use to destroy data, there are different costs depending on which you use. Some data destruction services use various methods to destroy the information to certain levels. Because of this, you should define what method suits your needs best to avoid unnecessary costs or added time.
There’s no use paying for a service that you may not need, so outlining your requirements before enquiring is useful. For example, degaussing is a form of data destruction, but may not be appropriate for businesses who want to reuse assets. On the other hand, degaussing may be a useful option for small-scale jobs, it all depends on your needs.
Along with degaussing, there is also asset shredding, and data wiping which can be used for data destruction. Wiping is often used for businesses wanting to reuse their assets. But if you’re looking for physical data destruction, shredding is a quick and often cheaper option.
Determining your size of shred
Many businesses often choose to opt for physical destruction or data erasure. However, physical data destruction can come with its own challenges as there are different levels you can destroy your assets to. This is called the ‘size of shred’ and to properly dispose of your data bearing assets, you need to know which level you require.
Depending on what service provider you chose, they may offer different sizes of shredding for your assets. The chosen sizing often depends on the product type and what policies your business has in place. For example, some businesses disposing of highly sensitive data may have a 2mm shred policy.
The size of the shred will again, depend on your needs. To simplify, the smaller the shred size, the higher level of destruction. Some providers like ourselves offer from 25mm to 2mm destruction size, so be sure to check your company’s policies before deciding your shred size.
For more information on data shredding and erasure services, read our 5-minute guide to physical data destruction vs data erasure.
Ensuring data security
Much like the level of destruction, the level of security can be different in each service. To an extent, the level of security can be tailored with bespoke services, where some methods are used in conjunction with each other to achieve a higher level of data security. This is where you now look into those services you need and see what level of security service providers have.
To do this, search for answers to these questions:
1. How are the premises secured?
If data bearing assets are leaving your business, you need to be sure they are going to be safely held before they are destroyed. Systems such as CCTV, staff-only access, and other precautions should be in place at any data destruction facility.
2. What data erasure system do they use?
If you’re opting to use data erasure, the software used in the process needs to be secure. For example, we use the highly accredited Blancco data erasure for full destruction, but other service providers may use different software. To ensure your data is unrecoverable, do some research into which system is used by your service provider.
3. Do they offer on-site destruction?
Some IT asset disposal companies offer on-site shredding for extra peace of mind. If you wish to witness the destruction, asking for on-site disposal can be a good way to ensure that extra level of security.
Accreditations and Certifications
Another element you should be aware of when using any data destruction service is their accreditations. Using a certified service provider and checking their accreditations helps to protect your data. Look for certifications from Adisa, and other auditing bodies to help reassure high standards are being met.
Finally, ensure your business gains the correct certifications after a service is complete. Having proof that your business has safely disposed of sensitive data is important. Not only can a certificate of service be used to show clients or customers their data has been erased, but it can also serve as proof you have adhered to data protection laws. Always ask what certifications are provided after a data destruction service, and have proof you’ve actively ensured that data’s security.
Still unsure on what you need?
If you’re still unsure of what service/s to use for your data destruction, use our flow chart below. The chart helps to outline what options are available for your needs, providing you with a starting point.