It's not just hard drives that store data. Cascade's data destruction processes clear and destroy data on a wide variety of media that store information.

It's amazing where information is now stored. It's not just on paper and in hard drives, but nearly any device that transmits, prints, logs, or stores information will potentially retain that information. Cascade recognizes that data may be stored on a wide variety of devices and has always worked to address existing and emerging threats to data security during IT asset disposition.

 

CBS News exposes data threats from photocopiers
On April 9, 2010, CBS News ran a national story about information retained on copiers that were supposedly being recycled. This helped alert the public about this potential security threat. See the story from CBS News. But there's a data security risk from nearly every electronic device companies dispose.

Cascade is constantly researching methods for proper data destruction techniques consistent with the NIST 800-88 Guidelines for Media Sanitization, Revision 1 (December, 2014). These guidelines include physical and electronic data destruction on a wide array of products. These guidelines replace the legacy Department of Defense 5220.22-M standard. Cascade's NAID certified media destruction processes give you further assurance we destroy data on your equipment.

Cascade provides customers and other interested parties with a Self Audit Packet which details our comprehensive data security program. Contact us if you are interested in a copy. Below is a sample of the types of products we encounter and how we ensure the data are destroyed from these assets.

How Cascade destroys information from electronic devices:

Electronic Sanitization Procedures

Cascade’s electronic and physical data destruction methodologies conform to NIST 800-88 Guidelines for Media Sanitization Revision 1 “clear”, “purge”, and “destroy” sanitization categories. All sanitization methods employed by Cascade meet the NIST 800-88 “clear” specifications at minimum. All physical destruction methods meet the NIST 800-88 “destroy” specifications. See the table below for more information on types of devices, associated NIST 800-88 Appendix A – Minimum Sanitization Recommendations tables, and data destruction capabilities:

NIST Sanitization Category	NIST Appendix A Reference	Capabilities
Hard Copy Storage: Paper and Microforms	Table A-1	Purge/Destroy
Networking Devices	Table A-2	Clear/Purge*/Destroy
Mobile Devices	Table A-3	Clear/Purge*/Destroy
Office Equipment	Table A-4	Clear/Destroy
Magnetic Media (incl. Magnetic Hard Drives)	Table A-5	Clear/Purge*/Destroy
Peripherally Attached Storage	Table A-6	Clear/Purge*/Destroy
Optical Media: CD/DVD/BD	Table A-7	Destroy only
Flash Memory-Based Storage Devices	Table A-8	Clear/Purge*/Destroy
RAM and ROM-Based Storage Devices	Table A-9	Clear/Purge*/Destroy

 *Some devices are unable to meet purge specifications due to hardware, software, or sanitization limitations.

Electronic Sanitization Software

Cascade uses Extreme Protocol Solutions Xerase, Tabernus Enterprise Erase and White Canyon’s WipeDrive PRO software to electronically sanitize hard drives from any workstation, laptop or server that can be resold.  Extreme Protocol Solutions sanitization tools are NIST 800-88 Guidelines for Media Sanitization, Revision 1 compliant. Tabernus sanitization tools are CESG (UK National Technical Authority for Information Assurance) compliant and meet the NIST 800-88 Guidelines for Media Sanitization, Revision 1. White Canyon’s software is certified by the National Information Assurance Partnership’s “Common Criteria Standard” and meets most major national and international certifications and standards. 

Using the Software

• The progress of the sanitization program is viewed by a technician.
• Unless explicitly requested, all hard drives will be sanitized using the default character (0) and number of passes (1).  After the write, the program will automatically scan the drive and verify that the drive is sanitized.
• When requested, a Department of Defense 5220.22-M 3-Pass sanitization of hard drives may be performed.  (Note: this wiping standard is now obsolete).  This will overwrite the drive first with zeroes (0), then ones (1), and then random characters. After the writes, the program will automatically scan the drive and verify that the drive is sanitized.
• Regardless of the sanitization pattern, the software will send a report to Cascade’s database that includes detailed information about the sanitization as well as information.

 

Other Security Considerations

• Asset tags, labels or other markings not affixed by the manufacturer are removed or defaced. If they cannot be removed the unit will be recycled.
• Internal parts are checked for customer specific markings.
• ROM images, logos, and slogans related to customer information are destroyed/overwritten using a BIOS FLASHING utility.
• All drives, bays, slots, cards, and readers are checked for media.
• Media are physically destroyed.
• Any solid state drives present are identified.
• All components are checked to ensure that they do not contain a hard drive or are capable of storing any data.
• Integrated remote management settings that could contain customer IP names or IP addresses are cleared.
• Quality control procedures consistently meet internal and NAID requirements and best practices.

 

Physical Destruction

Inventory deemed “end of life” because it is obsolete, damaged, or specified for destruction per customer requirements is processed by Cascade and its audited downstream processors for recycling and treatment according to the e-Stewards standard and the security guidelines of NIST 800-88 Guidelines for Media Sanitization, Revision 1.  Cascade is capable of disassembling most collected equipment into component parts.  All information from any media in end of life equipment will be destroyed by Cascade employees within the confines of our secure facilities, unless agreed to in writing with our clients prior to processing.  Downstream processors are available to assist with shredding, smelting, and other mechanical recycling processes, but are not authorized to process and destroy information on electronic devices, unless specifically granted permission to do so with prior notification and consent from any affected Cascade customers.

 Items sent for end of life processing are disassembled by trained employees who inspect them for data storage devices.

• Personnel are trained on how to identify devices.
• Devices are quarantined (physically secured) prior to physical destruction in the Cascade facility.
• Physical destruction is witnessed by trained employee.
• Product is inspected to verify success.
• In some cases organizations can request/schedule physical destruction and witness the entire destruction operation.
• Includes certificate signed by the CEO of Cascade Asset Management, LLC.
• Waste streams are periodically inspected for data storage devices.