When selecting a data destruction vendor, it’s not just about their ability to destroy data-bearing devices (DBDs). It is essential that they are compliant with the appropriate cybersecurity frameworks. This compliance extends to their supply chain, so that every aspect of the data destruction process adheres to stringent standards like NIST 800-88 and the NIST Cybersecurity Framework.

Why Cybersecurity Framework Compliance Matters:
Ensuring that your data destruction vendor complies with recognized cybersecurity frameworks is crucial for safeguarding your sensitive information. Here’s why:

Recyclers vs. Compliant Data Destruction Vendors:
Many recyclers are skilled at recycling materials but do not follow NIST 800-88 industry standards. This oversight can result in DBDs being sold on the market with recoverable data, posing significant security risks. Choosing a vendor that adheres to NIST standards ensures comprehensive data destruction.

Certification Requirements:
Different regions have different certification requirements for data destruction vendors. The EU, for instance, requires ISO 27001 certification, while the US mandates compliance with NIST cybersecurity frameworks, such as NIST 800-171. Unfortunately, many vendors are non-compliant and lack the necessary certifications, leaving your data vulnerable.

Verifying Vendor Certifications:
It’s not enough for a vendor to claim compliance with these standards. They must be able to present real certifications to prove their adherence. Many recyclers assert that they meet these standards but cannot provide the certifications to back up their claims. Always verify the certifications of any vendor you consider partnering with.

Key Takeaways:

  • Ensure your data destruction vendor follows NIST 800-88 standards and can provide real certifications.
  • Verify that your vendor complies with the necessary cybersecurity frameworks, such as ISO 27001 in the EU and NIST 800-171 in the US.
  • A compliant vendor will have a certified supply chain, ensuring that every step of the data destruction process meets industry standards.

Selecting a compliant data destruction vendor is crucial for maintaining data security. By verifying their certifications and ensuring they adhere to recognized cybersecurity frameworks, you protect your organization from potential data breaches and compliance issues. Stay tuned for our next post, where we will discuss the different methods of data sanitization and how to choose the right method for your needs.
