How does SCC manage any concerns regarding removal of client-sensitive data from legacy devices and complying with GDPR?
The risk of cybercrime is rising all the time, both in terms of the quantity and sophistication of attacks; at the same time, regulations like GDPR mean that the consequences for data breaches or poor data protection practices are extremely severe.
Device recycling is a potential weak spot in security and GDPR compliance if devices aren’t handled correctly. This applies to every single asset within an IT estate, whether it has been refurbished and redeployed, made available for resale, or donated to charity. To ensure the risk of data falling into the wrong hands is minimised, we maintain a range of stringent certifications, and have established a full suite of data sanitisation services.
Our data sanitisation processes securely erase all information on data-bearing media, leaving no reusable residual data. No data will be recoverable, even by advanced forensic tools, giving our customers peace of mind that data can never fall into the wrong hands.
Our standard approach at our UK Operations Centre adheres to the Government’s HMG IA5 standard for secure sanitisation. This allows devices to be reused and for their lifespans to be extended without any risk of security breaches or unauthorised data access.
These services can be used for all of the following:
Hard drives: our data erasure goes beyond basic file deletion and format commands to ensure all data is fully wiped while keeping the hard drive operable. This is supported by Blancco’s world-leading technology, carried out in controlled conditions by security-cleared personnel, and comes with an inventory profile that links erasure activities and serial numbers of every drive
Magnetic media: we use the latest Blancco Drive Eraser software to sanitise data on all magnetic media, generating digitally signed certificates confirming erasure completion and providing a certified, tamper-proof audit trail. The software will be listed on the NCSC (National Cyber Security Centre) CPA approved product list and will be compliant with ‘HMG IA Standard No.5 Secure Sanitisation’, written by CESG (part of the NCSC).
Solid State Drives (SSDs): the Blancco SSD erasure methods we use are multistep, and have been forensically tested to ensure data can never be recovered from erased drives. These methods are DIPCOG approved, and also exceed the requirements of the U.S. National Institute of Standards and Technology
Flash memory and media: as flash memory is present in a wide range of devices and requires no external power source, removing data from it in devices that are no longer required is critical. We can provide the BlanccoFlash service to remove media such as emails, text messages, photos and videos from everything, including mobile devices, network devices, memory cards, hard drives, USB drives and more
Mobile phones and tablets: the DIPCOG-approved Blancco Mobile Device Eraser is compatible with iOS, Android, Windows and BlackBerry devices. Where applicable, the HMG IA5 Higher Standard overwriting erasure algorithm is used, followed by an internal factory reset of the device
Network devices: many network devices have flash memory within them which needs erasing. While there is no specific software that addresses this, we have established a range of sanitisation methodologies and factory reset procedures across a wide variety of manufacturers and models. These ensure that a comprehensive sanitisation approach that leaves no stone unturned is applied to every network device
As well as our data sanitisation services, Recyclea also offers on-site destruction.
Every organisation understands the importance of securing the sensitive data they use, receive and process every day. Generally speaking, information security measures for corporate assets are strong for all assets that are within an organisation’s network. But what happens when an asset isn’t on the network any more?
To ensure that devices removed from networks cannot facilitate a data breach in the future, SCC provides physical destruction services that can be carried out on a customer’s site. This removes the stress and administrative burden of transporting devices to other locations for destruction.
Our certifications for on-site destruction include CPNI, DIPCOG for MoD media, and List N for sensitive nuclear information.