by Ruud de Wildt, CEO Certus Software
In today’s digital age, the importance of secure and compliant data erasure cannot be overstated. With increasing concerns about data privacy, organizations must take steps to ensure that sensitive information is securely erased from electronic devices such as smartphones, tablets, laptops, PCs, storage systems, USB sticks, and servers before they leave a working environment to be disposed of or recycled.
Data Security as Part of the Reverse Logistics Process
Reverse logistics involves the process of moving products or materials from their final destination back to their point of origin for various reasons, such as returns, end of life, repairs, or recycling. As part of this process, electronic devices with built-in storage should be securely erased before they leave the working environment to be returned to the vendor, resold, or sent for recycling. This matters most where data security is of high importance to the user, because it prevents data breaches and violations of data privacy regulations.
To ensure the highest level of assurance in the reverse logistics process, it is important to erase the data before an asset leaves the working environment. This means that the data erasure process should take place at the location where the devices are used, rather than being shipped off-site for erasure at a third-party facility. The most important benefits of following this flow are:
Security: Erasing data before assets leave a working environment ensures that the data is kept under the control of the organization at all times. This reduces the risk of data breaches that can occur during transportation to or at an off-site location. A data erasure certificate per asset can be provided before assets are physically removed.
Efficiency: Erasing data, and eventually diagnosing (optical and technical) and reporting, before assets leave a working environment can be more efficient than shipping the devices off-site for erasure. After fast processing at the working environment, the devices can be shipped directly to the final destination, which removes extra shipping, offloading and loading, and packing and unpacking steps. This reduces the turnaround time for the reverse logistics process, which improves customer satisfaction and reduces costs.
Compliance: Erasing data on assets before they leave the working environment can help organizations comply with data privacy regulations. This is because erasing the data on-site allows the organization to maintain 100% control over the data erasure process and ensures that the data is securely erased in compliance with relevant regulations such as NIST, GDPR, etc.
Certified Data Erasure
When erasing data, it is important to use a certified data erasure solution that is compliant with government regulations such as GDPR and the NIST 800-88 Revision 1 standard. This ensures that the erasure process is properly executed and documented, providing a documented trail for auditing purposes.
The label “certified” can be applied to data erasure software when it has successfully gone through a recognized certification process and meets the specific criteria and standards set by the certifying organization.
The specific requirements for certification may vary depending on the certifying organization and the standards they follow. Common certifications for data erasure software include Common Criteria certification, which evaluates security features, and certifications related to data privacy and protection, such as those provided by the IEC or NIST.
Once the software has successfully completed the certification process and received official certification from the relevant organization, it can be labeled as “certified” to indicate that it meets the specified standards for data erasure. The certification is an assurance to users that the software has undergone rigorous testing and evaluation, providing a level of confidence in its effectiveness and security.
After the secure data erasure process, the data can no longer be recovered. As proof, a tamper-proof erasure certificate is issued containing all the necessary evidence. These certificates can be used to demonstrate compliance with industry regulations and provide evidence of due diligence in the event of an audit or legal action.
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce that develops standards and guidelines for various industries, including cybersecurity. In particular, NIST has developed a set of guidelines for data sanitization that provide guidance on how to securely erase data from electronic devices.
Certified data erasure is a crucial step when considering the reuse of IT equipment because of the inherent risks associated with residual data. Once data protection regulations are assured, IT devices can be safely and securely reused. As a result, this provides cost savings, reduces electronic waste, contributes to sustainability, and saves valuable resources.
Using a certified data erasure solution that is compliant with government regulations such as GDPR and the NIST 800-88 Revision 1 standard has several benefits for the reverse logistics sector. First, it reduces the risk of data breaches and regulatory violations, which can result in significant financial and reputational damage. Second, it ensures that organizations are complying with data privacy regulations, which can improve customer trust and loyalty. Finally, it provides a documented trail of the erasure process, which can be useful for auditing purposes.