The destruction of a data carrier is not as simple as it may appear to be. First, you have to take the data carrier out of the device or system, except for when you decide to destruct the whole device. That can be a loss of capital and is not very respectful of environmental norms. Further, concerning at least with mobile devices, batteries should not be shredded, so they must be taken out of the device.

After that, rendering a data carrier inoperable or damaged, for example with a hammer or a crusher is only good enough if the data stored on it is of the very lowest security level. For higher levels you will have to find better solutions because of the chance that data could be recovered from parts of a damaged carrier. So then, most data carriers have to be reduced to small particles. The size of the particles is directly related to the security of the data stored on it, plus the physical characteristics of the data carrier.

Of the same importance is the organization of the entire destruction process. Think about security related to all steps in the processing: removing the data carriers, storing them, transporting them, and then performing the physical destruction. This security is not only about people, place and transport, but also about tracking, tracing, and reporting each data carrier, including verification and control.
The physical destruction of data carriers combined with data erasure with software tools, is the most effective data sanitization solution. On our website you will find a great deal of information on this subject. Hereunder some of them are listed:

– How to organize the destruction of data carriers (PDF)
– ISO/IEC 21964 has become the international shred standard (article)
– ISO/IEC 21964 or DIN 66399 explained
– Is ISO 21964 good enough?

Read more in our PDF which you can download for free:

How to Organize the Destruction of Data Carriers | 311 KB

Please login or register free to get access to our papers