R2 Guidance & Knowledge Base

Data Destruction/Sanitization Methods and Processing

Q.   What are the permissible methods for data destruction or sanitization under R2v3?

Core Requirement 7.(c)(2) outlines three different pathways for data sanitization (sometimes referred to as data destruction). The methods of sanitization will differ depending on the pathway selected.

  1. R2 facilities certified to Appendix B-Data Sanitization can perform logical and/or physical sanitization in accordance with Appendix B requirements.  This means that the R2 Facility can:
    • Logically sanitize data devices using a software program that is designed to both sanitize the device and maintain records of the results of the sanitization process.  Note that a factory reset is not considered logical sanitization.
    • Physically destroy data devices in accordance with:
      • A physical destruction method identified in Table 1;
      • A method and using approved equipment as identified in the NSA Storage Device Sanitization and Destruction Manual; or
      • Another method that physically destroys the device and has been independently verified by a competent expert to be an effective means of sanitization.
  2. R2 facilities NOT certified to Appendix B-Data Sanitization can physically destroy data devices in accordance with the NIST Guidelines for Media Sanitization.
  3. A qualified downstream vendor that has been verified in accordance with Appendix A-Downstream Recycling Chain can perform all data sanitization activities on behalf of an R2 Facility.

ADDED 4/8/22 
Q.   Can data devices be reused?

Yes, some data devices may be suitable for reuse but must first be sanitized in accordance with Appendix B – Data Sanitization and then tested and confirmed functional in accordance with Appendix C – Test and Repair.

Alternatively, where data storage media such as a hard drive is removed from a device and sanitized through physical destruction, the media may be replaced, or the device can be tested and, when verified as functioning, sold without the media, as long as the device functionality is categorized accordingly to disclose the missing hardware.

ADDED 4/8/22
Q.   Under Core Requirement 7 – Data Security, there is a reference to not sanitizing a device when requested by the customer. What is an example of a scenario where it would be acceptable to not sanitize a device?

By default, all data must be sanitized, with the only exception being when the customer specifically requests and contractually requires that it not be sanitized. This may occur in cases where a customer sends a device to an R2 Facility for repair and wants the device back following the service with all data intact. However, the R2 Facility should always recommend that data be sanitized and is not permitted to use things such as blanket statements or other general agreements to waive its responsibility for data sanitization.
