With an increasing uptick in hacks and data security breaches, information technology equipment management and data-bearing device security are becoming critical business components. Many companies are putting more emphasis on physical destruction of hard drives and data wiping. - Rod McDaniel, S3 CEO
Data and Privacy From onsite data destruction to IT asset removal, S3 protects clients’ data and interests. S3 performs data sanitization and destruction on all data-bearing devices including but not limited to hard drives, removable flash memory, removable storage devices, and solid-state drives. All S3 processing and recycling activities satisfy the regulatory standards set forth by HIPAA, GLB, PCI and the California Security Breach Information Act in accordance with U.S. DoD 5220.22-M and NIST SP 800-88 R1 guidelines. And all material designated for recycling is done in a zero-landfill manner. As a member of the National Association for Information Destruction (NAID), S3
sanitizes or completely destroys all media in accordance with NIST guidelines and provides each client with a certificate of destruction. Full transparency is an important part of S3’s service, so it produces detailed audit reports for clients for each device including: Asset ID, serial number, the security process that was performed, the name of the technician who performed it, and a real-time status report of where the device stands at any given time. Training — S3 Recycling Solutions ensures that employees involved in the data wiping process receive appropriate training on a regular basis (at minimum, annually or as software or equipment change) and are evaluated for competency. Employees involved in the physical destruction process are evaluated for competency at minimum, annually, unless the method of destruction changes.
Security Controls — including physical security, monitoring, chain-of-custody, and personnel qualifications – are in place for all unwiped or undestroyed data storage devices. Secure Facilities — When a data destruction project requires offsite processes, clients can be sure that S3’s multilevel security continues to protect their sensitive data. S3 provides a secure chain of custody during the relocation of clients’ data-containing devices, and its offsite facilities are monitored 24/7. On top of constant CCTV monitoring, facilities have armed guards on both shifts, RFID badge access to data-sensitive areas, third party monitoring, and security gates on dock doors.
