Data are destroyed according to policy when platforms or storage media are decommissioned
A decommissioned server still contains all the data it held while in service unless the storage media is deliberately and verifiably destroyed. Hard drives that are not wiped before disposal have ended up in marketplaces with intact organizational data. The risk from improper media disposal is not theoretical, and it persists long after the hardware leaves your control.
Implementation steps
- 1
Define a media sanitization standard based on data sensitivity
Document how storage media must be sanitized based on the sensitivity of data it held. For media that held confidential or regulated data: cryptographic erasure (preferred for SSDs and encrypted drives), NIST 800-88-compliant secure wipe, or physical destruction. For media that held only non-sensitive data: standard wipe is sufficient. Never reuse media from sensitive systems in non-sensitive ones without sanitization.
- 2
Implement sanitization in the decommission workflow
Make media sanitization a required step in your server and device decommission process. For cloud instances, verify that attached volumes are deleted and not just detached. For physical drives, use certified disk wiping software and obtain a completion certificate, or engage a certified media destruction vendor for physical destruction.
blancco, eraser, aws-ec2
- 3
Document sanitization for auditable records
Keep records of media sanitization for all devices that held sensitive data: the asset identifier, sanitization method, date, and the name of the person who performed or verified the sanitization. For physical destruction, obtain a certificate of destruction from the vendor. These records are required for GDPR, HIPAA, and other regulatory frameworks.
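One way to check decommission records against the three steps above, shown as an added example rather than code from this page. The field names, method labels and volume states are assumptions, and the sample records are constructed.

```python
# Methods the standard above accepts per sensitivity level (labels are assumed).
SENSITIVE_OK = {"cryptographic-erasure", "nist-800-88-wipe", "physical-destruction"}
ALLOWED = {"sensitive": SENSITIVE_OK, "non-sensitive": SENSITIVE_OK | {"standard-wipe"}}
# Record fields step 3 asks for on media that held sensitive data (names assumed).
REQUIRED = ("asset_id", "method", "date", "verified_by")


def audit_record(rec):
    """Return a list of findings for one decommission record (empty = compliant)."""
    findings = []
    level = rec.get("sensitivity")
    if level not in ALLOWED:
        return [f"unknown sensitivity {level!r}"]
    method = rec.get("method")
    if method not in ALLOWED[level]:
        findings.append(f"method {method!r} not permitted for {level} media")
    if level == "sensitive":
        findings += [f"missing field {f!r}" for f in REQUIRED if not rec.get(f)]
    if method == "physical-destruction" and not rec.get("certificate"):
        findings.append("physical destruction without certificate of destruction")
    # Cloud instances: a detached volume still holds the data; only deletion counts.
    for vol in rec.get("volumes", []):
        if vol["state"] != "deleted":
            findings.append(f"volume {vol['id']} is {vol['state']}, not deleted")
    return findings


def audit(records):
    """Map asset_id -> findings for every non-compliant record."""
    return {r.get("asset_id", "?"): f for r in records if (f := audit_record(r))}


# Constructed sample records, not real assets.
SAMPLE = [
    {"asset_id": "SRV-001", "sensitivity": "sensitive", "method": "cryptographic-erasure",
     "date": "2024-03-01", "verified_by": "a.ops"},
    {"asset_id": "SRV-002", "sensitivity": "sensitive", "method": "standard-wipe",
     "date": "2024-03-02", "verified_by": ""},
    {"asset_id": "SRV-003", "sensitivity": "sensitive", "method": "physical-destruction",
     "date": "2024-03-03", "verified_by": "b.ops"},
    {"asset_id": "VM-004", "sensitivity": "sensitive", "method": "cryptographic-erasure",
     "date": "2024-03-04", "verified_by": "a.ops",
     "volumes": [{"id": "vol-a", "state": "deleted"}, {"id": "vol-b", "state": "detached"}]},
    {"asset_id": "PC-005", "sensitivity": "non-sensitive", "method": "standard-wipe"},
]
```

Calling `audit(SAMPLE)` returns findings only for the records that would fail an evidence review, keyed by asset identifier.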
Evidence required
Media sanitization policy
A documented policy specifying sanitization methods required for each data sensitivity level.
- IT policy section on media sanitization referencing NIST 800-88
- Data destruction standard with methods by data classification
- Asset disposal procedure in the IT operations runbook
Media sanitization records
Records of media sanitization for decommissioned devices holding sensitive data.
- Blancco or equivalent wiping certificate for decommissioned drives
- Certificate of destruction from a certified media destruction vendor
- Decommission ticket showing sanitization step completed with date and method
Related controls
Data are destroyed according to policy when no longer needed
Data Security
Systems, hardware, software, services, and data are managed throughout their life cycles
Asset Management
The hardware and firmware of platforms are managed
Platform Security
The software of platforms is managed, including operating systems and applications
Platform Security