Why data destruction protocols are a non-negotiable element of your IT asset risk management.
It’s a headline topic that’s more than hot, it’s on the boil – cyber-attacks involving ransomware. Recent events in well-known high street brands whose retail, banking and online arms have been seriously compromised, resulting in clothing shortages, food waste and millions of pounds lost each day, and whose customers’ personal data has been scooped and scuppered, mean these data breaches have been on the front page for several weeks.
But cyber is not the whole story. Data thieves don’t harvest sensitive information simply by hacking, phishing, and phone-call scamming their way past vulnerable human beings – although human error does play a large part in all data breaches. They can find it or track it down on devices that have left the control of an organisation – your department, say – without having their electronic storage media (ESM) thoroughly wiped.
Securing your data’s protection
Information security has been a key concern of government departments and agencies for as long as humans have been self-organising. Corporate and political espionage might make for great stories, it’s true, but all the while it undermines societal stability. Those threats have always been, and continue to be, real, and make keeping sensitive information confidential and safe a major part of governmental risk management.
Government departments and agencies require strictly adhered to protocols to protect sensitive data so that they comply with regulations such as GDPR, as well as protections for official and secret levels of information. This means that, at the end of an asset’s use to your organisation, you must consider carefully how to dispose of it in compliance with legislation and, depending on the level of confidentiality of the data the asset has processed during its lifespan, either sanitise the ESM before possible re-use or physically destroy the ESM so that it is irrecoverable.
Experienced IT asset managers know that almost all equipment, including printers, monitors and switches that seemingly only handle data, contains ESM. Exceptions might include power supply units and transformers, mice and simple headphones. In short, residual data may be present and pose a risk in far more kit than a first sweep of assets might indicate.
5 robust protocols to keep government data secure
Protocol #1
Keep records of your records: know what data you hold and where, why you keep it and what its value might be to bad actors.
Protocol #2
Data, data, everywhere: know which assets contain ESM and whether they’ve handled any of your valuable data. Inevitably, most electronic equipment will contain some element of data. Know at point of purchase what the sanitisation requirements are of each.
Protocol #3
Create a policy: set up a re-use and disposal policy for all your data-bearing assets. Restore Technology can help you with this, whatever level of confidentiality you need to achieve.
Protocol #4
Educate your colleagues and teams: and keep on training and updating them. Human error is a major factor in data breaches. Making security second nature in everyone’s interactions and transactions helps eliminate the mistakes.
Protocol #5
Sanitise no-longer-needed assets before they leave organisational control: employ a professional IT asset disposal business to act as your trusted proxy in the disposal of your ESM equipment compliantly and securely.
Allow Restore Technology to be that trusted data protection partner
Our security processes and measures and our cast-iron security guarantees are backed by industry-leading certification and cutting-edge technologies.Over 100 of our colleagues are vetted to official police and government security levels, and our services are NCSC CAS-S and NPSA-approved.Depending on the level of confidentiality of your department’s data handling, we offer two routes for secure data destruction, in line with NCSC recommendations.
Data sanitisation
For equipment that has not handled ‘secret’ level data, we use degaussing (de-magnetising technique) or overwriting erasure software to make ESM unreadable to all but the most sophisticated laboratory-based processes.
We recommend this type of device sanitisation for all a government department’s obsolete data-bearing assets, unless designated ‘secret’ and above, as it means still-current hardware may be re-used or re-marketed through our sales channels, enabling equipment to have a ‘second life’ – a desirable outcome for environmental and financial reasons.
Physical data destruction
This is digital media shredding, suitable for obsolete devices and data. We can destroy assets down to 2mm fragments – a level of micro-cutting that makes data unrecoverable – and provide a certificate of destruction for each transaction, alongside full audit trails.
Providing an even greater level of security, we can carry out digital media shredding at your workplace. Our on-site data destruction service brings a mobile shredding vehicle operated by one of our security-checked professionals to you so that you may witness for yourself your no-longer needed data and equipment falling on to the shredding blades. The shredder reduces devices to 2mm fragments in mere seconds. It’s convenient, it’s highly secure and it’s satisfying to watch!
For large volumes, we security tag and transport your assets, maintaining an unbroken chain of custody throughout, to be shredded off site at one of our specialist security protocoled centres. The key, throughout these processes, is our commitment to maintaining the strictest confidentiality for your assets.
Why choose Restore Technology to secure your government data?
· Scale: we’re a leading IT disposal and recycling company in the UK, trusted by our many public sector clients to manage their IT assets and their data destruction.
· Compliance: our services are certified under rigorous industry standards including:
ISO 9001 – Quality Management System
ISO 14001 – Environmental Management System
ISO 27001 – Information Security Management System
Safe Contractor – Certification for meeting high health and safety standards
· Security: we are fully transparent in our security measures, tagging and tracking your assets, and providing detailed documentation and reports for all processes, data destruction and recycling certificates. We are accredited to the following…
NPSA – National Protective Security Authority, we can handle secure and classified data
NCSC CAS-S – National Cyber Security Centre’s Commodity Information Assurance Services-Sanitisation accreditation assures that we provide secure data sanitisation services
· Security AND sustainability: we are leading recyclers of electronic equipment, helping you reduce your organisation’s carbon footprint and contribute positively to your ESG goals. We work in partnership with Planet Mark™, an organisation that recognises commitment to reducing carbon footprint and implementing sustainable practice.
Contact us
If you find you are having to negotiate a mass of complex and unconnected end-of-lifecycle and data destruction processes, speak to our knowledgeable customer support team on 0333 060 1 920 to find out how to bring scale, security, compliance and sustainability under one roof with Restore Technology. We look forward to speaking to you!
Get in touchRecent news
