FI16874

Request

To ensure I have correctly understood your position, I note that in response to question 1 you have described the process applied by your service provider, including alignment to CESG standards and the use of Blancco software, but have not confirmed whether the certificates or documentation held constitute an explicit outcome based warranty or guarantee. 

Please therefore confirm whether: 

1. The certificates or related contractual documentation held by your organisation constitute an explicit outcome based warranty or guarantee that the personal data on each specific storage device has been rendered irrecoverable as a final data state, or whether they confirm only that a certified erasure or destruction process was followed. In addition, you have stated that no such documentation was previously held demonstrating verification, testing, or validation that data has been rendered irrecoverable in practice. 
2. Please confirm whether it is correct that, beyond confirmation of process completion and standards alignment, your organisation does not hold recorded, device specific evidence demonstrating that the data on individual storage devices has been rendered irrecoverable.  If this understanding is incorrect, please identify the specific recorded documentation that demonstrates either an explicit outcome based warranty or device level verification of irrecoverability.

Response

1. Not explicit, but if graded this means they have been securely erased, if BER (Beyond Economic Repair) then they are shredded. 
2. Beyond the list of devices against the certificate of destruction, no.

Back to top