A single IT asset may contain multiple storage devices (laptop with SSD and HDD, server with a RAID array). Each drive requires its own wipe verification for compliance.
Creating wipe records
Use the Data Wipe toolbar action on a disposition line item to create wipe records for each drive in the asset.
Drive identity
- Drive Type: HDD, SSD, NVMe, Tape, USB, SD Card, or Other.
- Manufacturer, Model, Serial Number.
- Capacity (GB).
Wipe details
- Wipe Method: Software Overwrite, Cryptographic Erase, Secure Erase, Block Erase, Degauss, or Physical Destruction.
- Wipe Software: the tool used (e.g. Blancco, DBAN).
- Wipe Standard: the NIST 800-88 level achieved:
- Clear: logical techniques to sanitise user-addressable storage. Protects against simple recovery.
- Purge: physical or logical techniques rendering recovery infeasible even with lab techniques. Required for most compliance frameworks.
- Destroy: renders the media physically unusable (shredding, incineration, disintegration).
- Passes: number of overwrite passes (1, 3, or 7 depending on standard and media type).
Result and verification
- Result: Pass or Fail.
- Verified By: the person who confirmed the result.
- Verification Date.
Failed drive disposal
When a drive fails the wipe (bad sectors, firmware lock), a separate section captures the alternative action: physical destruction type, destruction vendor, destruction date, and destruction certificate reference.
Tips
- Always verify wipe results before releasing assets.
- Use NIST 800-88 Purge as a minimum for any drive that held sensitive data.
- Keep per-drive records for audit purposes. Aggregate "the asset was wiped" is not sufficient for most compliance frameworks.