The key benefit of using software for data destruction is that it that it leaves
the host equipment intact and thus available for reuse and resale with obvious financial
and environmental implications. To ensure that appropriate standards are maintained
in the UK data wiping equipment and software is often subject to testing and assessment
by various bodies including CESG and the MOD.
Certified data wiping and data destruction in the UK is overseen by the Communications-Electronics
Security Group (CESG) which is the UK Government's National Technical Authority for
Information Assurance. CESG establish the security specifications which are detailed
in the Her Majesties Government (HMG) Infosec Standards and they also carry out product
evaluations and give approvals for software and physical data destruction products.
The UK Ministry of Defence (MOD) also sets minimum standards for the wiping / destruction
of its sensitive data.
As a minimum data should be erased to MoD Approved/CESG Baseline standards and for
secure or sensitive items to Infosec Standard No 5.
At RediVivus data erasure is performed using the latest equipment and procedures
conforming to UK/MoD CESG/MoD approved standards. HMG Infosec 5 covers both what
is referred to as "Baseline" and "Enhanced" overwriting of data.
In HMG Infosec 5 "baseline' standard level the data wiping software overwrites every
sector of the Hard disk/drive(s) with one pass of randomly generated data. This should
be sufficient for all reasonable purposes and provided this process has been carried
out properly poses no risk of data being subsequently recovered by anybody else -
even by forensic IT specialists.
In HMG Infosec 5 "Enhanced' standard level every sector of the Hard disk/drive(s)
is over-written 3 times: firstly with a digit "1", secondly every sector is over-written
again but this time with a "0" and finally every sector is over written a 3rd time
with randomly generated 1's and 0's.
Whether baseline or enhanced methods are undertaken a verification pass should always
be applied to ensure that this disk has been effectively "wiped". This enhanced
procedure, in theory, provides a more thorough "belt & braces" approach to software
In practice products certified by CESG to HMG Infosec Standard No. 5 Baseline can
be used to wipe Government classified data up to "RESTRICTED" level when disposing
of storage media outside secure environments.
HMG Infosec Standard No. 5 (Enhanced Level) Enhanced Level products must be used
when there is a requirement to clear Government data to classified as CONFIDENTIAL
Where disks cannot be effectively wiped they must be physically destroyed (crushed,
drilled, shredded, smelted) or a "Degausser" can be used to destroy the magnetic
data but this still renders modern hard drives unusable.