Home 9 Blog 9 Breaking down data destruction wiping standards

Breaking down data destruction wiping standards

There are many different regulations surrounding data management and destruction. When ITAD vendors talk about meeting those regulations when performing ITAD services, there can be a laundry list of international wiping standards that come into play, and it can seem daunting to understand which options suit your own needs. The question then becomes less about how to meet the standards and more about which standards are best for your enterprise.

Understanding the different types of well-known international wiping standards is a way to make sure that the proper ones are met, depending on your business’s circumstances or needs. There are multiple different pass options, which refers to the number of times the data is rewritten, ranging from as few as one pass to as many as 35 in certain Department of Defense recommendations. Different countries may have different standards defined, and there are debates among some ITAD professionals over the most preferable method or number of passes, which is why having
a range of options is a key thing to look for in a vendor.

Here is a guide to a few of the most commonly recognized international standards for data wiping:

Canadian standard: RCMP TSSIT OPS-II (Four-pass wipe)

This is one of several data destruction programs Canada defines and recognizes as an official standard for data destruction. It uses four different passes: alternating ones and zeros to write over data on the first three passes, then writes random characters on the fourth and verifies that step was successful. This method is extremely similar to a US-based standard called NAVSO P-5239-26, which is defined by the US Navy.

US Department of Defense: DoD 5220.22-M (Three-pass wipe)

US Department of Defense standards are another military-grade prescription for data destruction. This three-pass scrub works very similarly to the aforementioned Canadian and US Naval standards, using zeros in the first pass and ones in the second pass, followed by a random character in the third. The primary difference between the former two and this DoD standard is that each pass is verified along the way.

Algorithms: Gutmann, Pfitzner, and Schneier’s Methods

There are many similarities among the most well-known methods developed by and named after data scientists Peter Gutmann, Roy Pfitzner, and Bruce Schneier. These three different algorithms are utilize complex multi-pass overwrites to prevent the extraction of the original data.

The Gutmann Method is known as one of the most complex and thorough wiping standards. This approach uses 18 to 35 different passes, with heavy variations in the overwriting patterns. Random characters are utilized at certain intervals, and a complex pattern is used throughout the entire overwrite. This method is an especially good option for older hard drives.

The Pfitzner Method is similarly complex, with a 33-pass option and an ability to run the entire program multiple times. Verification also occurs along the way, and like the Gutmann method, uses a combination of random characters for each pass. There are options for both a seven-pass and 33-pass program.

The Schneier Method, like the other two, has a more complex system than some of the other standard data destruction techniques, but first employs zeros and ones in the first two passes followed by five more random character streams. Some software that uses the Schneier Method will verify that a character was written, and will restart the process
if the verification shows a failure to write the character to the drive.

Explore which standards best meet your industry’s regulations, needs, and desired outcomes. In doing so, you can define and pinpoint a thorough, smooth plan for the entire ITAD process. Schedule a free consultation with WipeOS to discuss the 16 different international standards employed by its data wiping solutions to find one that fits your personal or business needs.