How does S2S Group meet standards for on-site data destruction and sanitisation?

secure data destruction truck

What is data sanitisation?

Data sanitisation involves the secure and permanent erasure of sensitive data from datasets and media to ensure that no residual data can be recovered, even through extensive forensic analysis. It is the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device, making it unrecoverable. 

When a device is sanitised, it has no usable residual data, and even advanced forensic tools cannot recover the data. Organisations typically perform data sanitisation before disposing of or repurposing storage devices to prevent unauthorised access or retrieval of sensitive information.S2S Group offers a comprehensive data destruction service that sanitises all your assets. The on-site shredding machine means none of your company assets even need to leave the premises.

How does data sanitisation differ from data destruction?

Data sanitisation and physical data destruction are ways to stop sensitive information from being recovered, but they have different methods. Data sanitisation involves using software to overwrite existing data on storage media with random patterns, ensuring that the original data is irretrievable. This process makes the storage device unusable without damaging it physically.

Physical data destruction involves damaging or destroying the storage media to make sure the data cannot be recovered. Methods include shredding, crushing, or incinerating the media, rendering it unusable for future storage.

Destroying data physically makes it impossible to recover, but it also means the storage device is lost and cannot be reused. However, it also means the storage device is completely lost. The storage device cannot be reused once the data is destroyed physically.

Why do some organisations require data destruction on their premises?

Organisations may need to perform data sanitisation and physical data destruction on-site, either by choice or necessity. This can be for a number of reasons, either transportation of sensitive data is too high a risk, or that staff are required to monitor the process of asset destruction. The process occurs in a mobile unit, typically a truck, with on-site destruction.

Data destruction will ensure types of data such as personal information and financial records are completely destroyed from electronic devices.

Data processors such as S2S Group offer remote witnessing of the process via CCTV installed in the vehicle. This gives customers the option of viewing the destruction of assets either in person or via a secure online link.

What are the key certifications to be aware of?

HMG Infosec Level 5

In the UK, the HMG Infosec Level 5 Enhanced standard, set by the National Cyber Security Centre (NCSC), provides stringent guidelines for this process. This standard involves a three-pass overwrite method, ensuring data is irreversibly destroyed and the process is verified.

By adhering to HMG Infosec Level 5 Enhanced, organisations can ensure the secure disposal of sensitive data, mitigate risks of data breaches, and avoid potential penalties.

A crucial element of HMG Infosec Level 5 Enhanced is the need for physical security precautions to safeguard the storage media throughout the sanitisation procedure. This includes secure storage and the presence of authorised personnel throughout the process. 

At S2S Group, all data-bearing media is kept in a designated secure location either within our secure facility or in our mobile data sanitisation and destruction vehicle. A DBS-enhanced vetted member of staff who is certified in Data Sanitisation oversees operations.

S2S Group offers compliant services either at its head office, or if required at an organisations premises.

ADISA Standard 8.0

ADISA Standard 8.0 is a comprehensive set of guidelines and best practices for the secure disposal of data-bearing assets. Developed by the Asset Disposal and Information Security Alliance (ADISA), this standard ensures that all data is irretrievably destroyed before the disposal or repurposing of storage devices. It covers various aspects, including the methods of data sanitisation, physical destruction, and the security measures required during these processes.

The certification provided under ADISA Standard 8.0 is recognised by the Information Commissioner’s Office (ICO) in the UK. This recognition underscores the standard’s reliability and effectiveness in protecting sensitive information from unauthorised access and data breaches, aligning with stringent data protection regulations.

ISO 27001

ISO 27001 is an international standard for managing information security. It outlines the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). The standard aims to help organisations protect their information assets by addressing people, processes, and technology.

Key aspects of ISO 27001 include risk assessment and management, security policy development, and the implementation of various controls to mitigate risks. Achieving ISO 27001 certification demonstrates that an organisation, such as S2S Group has a systematic and risk-based approach to managing sensitive information, ensuring its confidentiality, integrity, and availability.

S2S Group’s certifications are available to download from the certifications page.

S2S Group and Mobile On-site Data Sanitisation and Destruction Services

S2S Group offers on-site data destruction as well as off-site services across the UK using their fully operational shredding truck. 

This state-of-the-art shredding truck features dual shred capabilities, configured for various shred sizes, ensuring the secure destruction of all media types in compliance with all relevant legislation. This provides the ideal solution for the secure disposal of highly sensitive media in both document and electronic formats.

Companies must not underestimate the importance of data sanitisation – cyber attacks are becoming more sophisticated and can hack many company assets. Ensure you know what data is stored on which assets to stay compliant.

Contact S2S Group for support with your company’s data handling requirements.

Do you have an IT recycling requirement?