Do you have an existing policy for decommissioning end-of-life or off-lease storage hardware?
This is a really important part of storage security policy. Often, security policy will neglect providing sufficient guidance on the organization's accepted practice of decommissioning end-of-life, off-lease or warranty-replacement storage hardware devices containing unprotected information. It is not uncommon for a policy to include a statement as simple as "End-of-life storage hardware is to be decommissioned using recognized data sanitization practice." The fact is that, until recently, there had been no industry standard, and often vendors claim compliance with outdated Department of Defense specifications.
Guiding clients to an effective and recognized data sanitization practice for storage hardware is very valuable and can ultimately save your client a lot of money that could be wasted on unnecessary products or services. Proper guidance can be found in the National Institute of Standards and Technology (NIST) Special Report 800-88, which is a comprehensive guide that covers all types of data storage decommissioning.
A very cost-effective means for clients to decommission storage hardware can be achieved by using Secure Erase, a technology embedded in all ATA, IDE, SATA, PATA and laptop drives since 2001. Secure Erase is recognized by the NIST as a purge-level technology, capable of eliminating stored data beyond forensic recovery.
This was first published in March 2008