THIRD PARTY VERIFICATION
“Two types of verification should be considered. The first is verification every time sanitization is applied…” National Institute of Standards and Technology 800-88
Understanding how to properly dispose of data media and verify that the data is properly destroyed and non-recoverable is a job best left to the professionals. Even tiny fragments of data not destroyed properly can reveal untold amounts of information about you, your business and your customers. Why take the risk?
For some organizations, either because of policy or budget, it is not feasible to let professionals properly dispose of media. For these organizations it is imperative that they use third party verification companies to certify their methods and tools. Many standards organizations require third party verification no matter who performs the actual data destruction.
The National Association for Information Destruction (NAID) is an organization that continues to set the standards for information destruction. NAID has set forth policy that a sampling of media needs to be sent to a third party for verification. NAID recommends four total drives be verified by a third party:
“NAID AAA Certification of Sanitization Operations requires the forensic analysis of four sanitized hard drives, two randomly selected from the applicants processed inventory and two control-drives containing known data”.