What is your process for data destruction?

Posted at May 15, 2012 » By : » Categories : FAQ's » Comments Off on What is your process for data destruction?

Natural Evolution’s data destruction process is in compliance with the following: 

  • Department of Defense (DOD)
  • National Institute of Standards & Technology (NIST) Special Publication Series 800-88
  • National Industrial Security Program (NISP) Operating Manual (DOD 5220.22-M)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes-Oxley Act of 2002
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Gramm-Leach-Bliley Act
  • Bank Secrecy Act
  • Patriot Act of 2002
  • Identity Theft and Assumption Deterrence Act
  • US Safe Harbor Provisions
  • FDA Security Regulations (21 C.F.R. part 11)
  • PCI Data Security Standard
  • Various state laws


All hard drives are evaluated for reallocation purposes unless otherwise requested. All other drives meeting our criteria are then sanitized, tested & internally verified.

Our standard data erasure method is according to the NIST 800-88 standard. If there is a requirement for a different erasure method please let us know.

Natural Evolution has in-house data destruction verification tools and processes for onsite data destruction auditing.

When a drive is determined to be not suitable for reallocation or found to be non-working it is then degaussed meeting NIST, DOD & DSS standards. The drive is then shredded with our in-house High Security Shredder and all material is sent to the appropriate refiner.

All drives & drive containing devices are secured in video monitored areas at all times once on premise.

For a small fee, we can generate an Erasure Report to our clients upon request for proof of Erasure completion.

If a client has a security requirement for a drive or drives not to be reallocated, outright dismantling is available upon request.

Natural Evolution, Inc. (“NEI”) has a third party Cyber Risk Insurance Policy  insuring  against certain liability arising from data destruction or loss of its customer’s data  up to $1,000,000 according to the specific terms of an insurance policy which is available for inspection upon request.   NEI does not accept liability and does not agree to indemnify its customers for any losses not covered by the terms of the insurance policy.


About bcook