We use cookies on this website. By using this site, you agree that we may store and access cookies on your device Read More Got it!
logo
  • Home
  • Products
    • Secure Drive Wiping SoftwareSecurely Erase Data From HDDs & SSDs in PC, Mac & Server
    • Bulk Drive Erasure Over Network Erase Loose Drives, PC, Laptop & Servers Over A Network
    • Mobile Wiping & Diagnostics Software Erase & Diagnose iOS® & Android® Simultaneously
    • File Eraser SoftwarePermanently wipe files and folders, and erase traces of apps & Internet activity.
  • Solutions
    • Enterprise & SMBWipe hard drives, laptops, desktops, Mac® devices, mobile phones & rackmount storage.
    • Managed Service Provider & SIGlobally trusted data wiping & diagnostic solutions to augment your managed services competences
    • Government Attain Compliance by Securely Erasing Data on HDDs & SSDs in PC, Mac, Laptops, Servers & Mobile Devices.
    • ITAD & Refurbisher Bulk erase loose drives, laptops, desktops, Mac devices, rackmount storage & mobile devices with centralized control.
    • Individual & Home User Safeguard invasion of privacy at the time of disposing old PC, laptop & mobile phone
  • Resources
    • CertificationsBitRaser - Tested & certified by multiple International Bodies
    • Reports & Certficates Tamper proof erasure reports & certificates to help meet audit trails
    • Data Erasure StandardsGlobal erasure standards that help you comply to international laws & regulations
    • Technical Articles Series of articles to help understand data erasure & diagnostics
    • Product FactsheetExplore in-depth details of the features, benefits..
    • Deployment Get instructions on using BitRaser for wiping PC..
    • Case Studies Read Our Customer Case Studies Illustrating The Real-World Usage In Diverse Business Scenarios.
    • Frequently Asked Questions (FAQs) Our Top FAQs That Will Help You Get Answers To Your Questions.
    • Blog Gain Latest Insights Into Data Erasure, Data Protection, Privacy And Regulations.
  • Partners
  • Products

    CASE STUDIES

    The best way to know about our solution is to read our customer case studies illustrating the real-world usage in diverse business scenarios.

    Read All Case Studies

    • Secure Drive Wiping Software
      Securely Erase Data From HDDs & SSDs in PC, Mac & Server
    • Bulk Drive Erasure Over Network
      Erase Loose Drives, PC, Laptop & Servers Over A Network
    • Mobile Wiping & Diagnostics Software
      Erase & Diagnose iOS® & Android® Simultaneously
    • File Erasure Software
      Permanently Wipe Files & Folders, Erase Traces Of Apps & Internet Activity
  • Solutions

    BITRASER® DATA ERASURE SOFTWARE

    Efficient, Easy & Permanent Wiping Of Sensitive Data Across Storage Devices. Guaranteed Data Privacy.

    Learn More

    • Enterprise & SMB
      Wipe Hard Drives, Laptops, Desktops, Mac® Devices, Mobile Phones & Rackmount Storage.
    • Managed Service Provider & SI
      Globally Trusted Data Wiping & Diagnostic Solutions To Augment Your Managed Service Competences.
    • Government

      Attain Compliance by Securely Erasing Data on HDDs & SSDs in PC, Mac, Laptops, Servers & Mobile Devices.

    • ITAD & Refurbisher
      Bulk Erase Loose Drives, Laptops, Desktops, Mac Devices, Rackmount Storage & Mobile Devices.
    • Individual & Home User
      Safeguard Invasion Of Privacy At The Time Of Disposing Old PC, Laptop & Mobile Phone.
  • Resources
    • Product Certifications
      BitRaser - Tested & certified by multiple International Bodies
    • Sample Reports & Certificates
      Tamper proof erasure reports & certificates to help meet audit trails
    • Data Erasure Standards
      Global erasure standards that help you comply to international laws & regulations
    • Technical Articles
      Series of articles to help understand data erasure & diagnostics
    • Product Factsheets
      Explore in-depth details of the features, benefits and specifications of our variants.
    • Deployment
      Get Instructions On using BitRaser for wiping PC, Mac, hard drives, mobile devices & files.
    • Case Studies
      Read our customer case studies illustrating the real-world usage in diverse business scenarios.
    • Frequently Asked Questions (FAQs)
      Our Top FAQs That Will Help You Get Answers To Your Questions.
    • Blog
      Gain latest insights into data erasure, data protection, privacy and regulations.
  • Partners
  • +1-844-775-0101
  • Submit Enquiry

What Are The SERI R2V3 Data Sanitization Requirements Under Appendix B?

  • author image

    Written By Sunil Chandna linkdin

  • calender

    Updated on Jan 17, 2023

  • clock

    Min Reading 3 Min

Summary: The R2V3 (Responsible Recycling) standard, established by SERI, includes strict guidelines and requirements for data sanitization in Appendix B. These requirements are intended to ensure that all data (PII, Confidential, Licensed information, etc.) on the devices is completely erased and cannot be recovered. An R2-certified facility has to strictly adhere to the data sanitization plan and procedures in the Core 7 requirement. Read this article to understand SERI R2V3 data sanitization requirements under Appendix B.

R2v3-Defines-Data-Sanitization-Software

The SERI R2 standard is a set of guidelines for the responsible recycling of electronic equipment. R2V3 is the third version of the standard, which became effective on July 1, 2020. Appendix B of the R2V3 standard provides guidelines for data sanitization, which is the process of permanently wiping data from electronic devices before they are recycled or resold. The general principle of R2V3 Appendix B is “To recognize organizations that maintain enhanced data security controls and perform physical or logical data sanitization in accordance with best practices, where data devices are managed to the highest level of sensitivity as required by the supplier or regulation.”

R2V3 Appendix B: Data Sanitization Requirements

Data sanitization is a part of Core Requirement 7 (Data Security) of the SERI R2 standard. Appendix B covers data sanitization in depth, focusing on logical data sanitization, increased security, and device tracking. It also mentions physical sanitization for devices that need to be physically destroyed as per requirements. Some specific requirements for R2 facility running ITAD operation need to follow as per Appendix B:

  • Methods to distinguish sanitized and data-bearing devices and documented quality control for verifying the data sanitization process.
  • All devices processed must follow a consistent sanitization method, and the data should be sanitized from the storage device.
  • Remedial actions must be taken in devices where sanitizing cannot be verified.
  • Maintaining records of the data sanitization process, including the type of equipment or media sanitized, the specific sanitization method used, and the date and results of the verification process.
  • Training and evaluating data sanitization personnel to perform the specific data sanitization procedures, including any necessary modifications as and when processes revise as per data storage devices and sanitization methods change.
  • Implementing, testing, and maintaining effective security procedures corresponding to the sensitivity classification of the storage media.
  • All data-bearing devices must be in a secure facility with alarms, CCTV systems (with at least 60 days of recordings), access control, and inventory tracking of data-bearing devices at all times.
  • Data sanitization services outside the accredited R2 facility must also comply with Appendix B and Core Requirement 7.

SERI R2 standard also defines physical sanitization (Destruction) and logical sanitization (Erasure). 

What are the Physical Sanitization Requirements for R2V3 Compliance?

The physical sanitization requirements for R2V3 compliance include the following:

  • Physically destroying the device using the methods provided in the table.

Data Storage Device

Method

Criteria

 

Magnetic Tape

Degauss*

 

Incineration

Reduced to ash

 

Magnetic Hard Disk Drive

Degauss* & Crush

Media must be both degaussed and crushed with a hard disk crusher

Shred/Physical Destruction

Platters reduced to fragments

Incineration

Fully melted to metals

 

Diskettes

Degauss* & Physically Destroy

Media must be degaussed and physically destroyed

Shred/Disintegration

Magnetic disk reduced to fragments

Incineration

Reduced to ash

 

Optical Disks (CD, DVD, Blu-Ray disks)

Shred/Disintegration

Disk reduced to fragments

Incineration

Reduced to ash

Solid State Storage (SIM Card, SDRAM, Flash Drive, Circuit Board containing non-volatile flash memory, Solid-State Drive, Cell Phone, Tablet, etc.)

Shred/Disintegration

Chips reduced to fragments

Crush

SSD crusher designed to crush chipsets

Incineration

Reduced to ash

 

Hard Copy Storage (paper, film, etc.)

Shredding

Media reduced to fragments by cross-cut shredder, pulverizer, or disintegrator

Incineration

Reduced to ash

 

Other

Any NSA-approved method for the data storage device

Criteria specified by NSA for the device and method

Table - Physical Destruction Methods (Source: The Sustainable Electronics Reuse & Recycling (R2) Standard)

  • R2V3 SERI also approves the methods listed in the NSA (National Security Agency) Storage Device Sanitization Manual, Dec 2020.
  • Any other method that a competent expert has independently verified to be an effective method of physical sanitization.
  • The physical destruction method can be more stringent if required by customers or regulations.
  • R2V3 compliance requires facilities to record and store video proof of physical destruction for at least 60 days.

What are the Logical Sanitization Requirements for R2V3 Compliance?

Logical sanitization, also known as ‘Data erasure,’ is removing all data from a device that makes it unrecoverable, rendering it reusable. Logical sanitization is typically done by overwriting the entire storage media with a series of ones and zeros. This process can be done for drives (HDD & SSD) using specialized software like BitRaser Drive Eraser. The logical sanitization requirements for R2V3 compliance include the following:

  • Maintaining electronic records of data erasure generated by the data wiping software.
  • The sanitization software must be able to wipe all user-addressable locations, and the software must fail the media if all locations are not sanitized.
  • All logins, passwords, locks, or other connections to a remote service must be deleted and the device disconnected.
  • The sanitization process must be verifiable so that it can be proven that all data has been removed. It requires a minimum of 5% of logically sanitized data storage media to be routinely sampled, audited, and certified by a third-party auditor.
  • A qualified technician must perform the Logical Sanitization process, and both the equipment cum the software used must be specifically designed for the task.
  • A certificate of data destruction must be provided to the customer upon request.
  • If R2V3 Appendix B logical sanitization is unsuccessful, then the data-bearing device must be physically destroyed using the methods prescribed in physical sanitization.

These requirements are intended to ensure that all data on the devices is completely erased and cannot be recovered, protecting the privacy of individuals and organizations whose data may be stored on the devices. In addition, using the NIST 800-88 standard or equivalent ensures that the erasure process is secure and reliable and that the data has been erased to a widely recognized and accepted standard.

R2V3 compliance also requires stringent quality controls to ensure that the sanitization process is implemented as per the data sanitization plan, which must be updated to include the latest updates and methods of data sanitization.

What are the Quality Control Requirements in the SERI R2 Standard?

The Quality Control requirements in the SERI R2 standard include the following:

  • The recycling facility must have a written Quality Control Plan (QCP) that outlines the procedures and policies for ensuring that materials are handled and processed per the standard.
  • The QCP must include procedures for identifying, documenting, and tracking all materials received, processed, and shipped. In addition, the supplier must be informed of any discrepancies in receiving, cataloging, sanitizing, and releasing.
  • After verifying logical sanitization, data storage devices shall be approved for release by the data protection representative. The records of sanitization must be maintained and stored by the R2 facility.
  • The R2 facility must have a system for corrective and preventive actions to address any non-conformities identified during the audit process. The same must be updated in the data sanitization plan.

These requirements are intended to ensure that the recycling facility is operating in a consistent and controlled manner and that all materials are handled and processed following the standard. In addition, the QCP helps ensure that the recycler understands what is expected of them and has the necessary procedures to achieve and maintain compliance.

Conclusion: Importance of Having an R2V3 Certification

An R2V3 certification demonstrates that your electronics recycling facility is committed to responsible and sustainable practices. This certification is widely recognized as the standard for best practices in the electronics recycling industry. Some benefits of having an R2V3 certification include compliance with laws and regulations, protection of data and privacy, positive reputation & credibility, competitive advantage, and continuous improvement. Overall, an R2V3 certification can help to ensure that your facility is operating in a responsible, sustainable, and compliant manner while also helping to protect the data and privacy of your customers and contributing to a positive reputation and competitive advantage.



FAQs

What does R2V3 mean?
R2 (Responsible Recycling) V3 is the third version of the R2 standard published by SERI (Sustainable Electronics Recycling International), which became effective on July 1, 2020.
What is the R2 standard?
The R2 Standard establishes responsible reuse and recycling (“R2”) practices for managing and processing used electronics globally. The standard is published by SERI.
What are data sanitization methods defined in Appendix B of R2v3 Standard by SERI?
Appendix B of R2V3 outlines two methods for data sanitization - physical sanitization (Destruction) and logical sanitization (Data Erasure).
What is SERI R2V3 Appendix B?
SERI R2 Appendix B covers data sanitization techniques like physical sanitization with a focus on logical data sanitization, increased security, and device tracking.
What is the importance of R2 certification?
An R2V3 certification demonstrates that your electronics recycling facility is committed to responsible and sustainable practices for recycle and reuse. This certification is widely recognized as the best standard in the electronics recycling industry.

BitRaser is NIST Certified

See All Certifications

Related Articles

Know Virginia Consumer Data Protection Act

May 27, 2022

What Is Data Wiping & Why Is It Essential Now More Than Ever?

Dec 02, 2021

ISO 27040 Media Sanitization Requirements To Maintain Data Security

May 31, 2022


REACH US

Stellar Data Recovery Inc.

48 Bridge Street Metuchen, New Jersey 08840, United States

Call Us

+1-844-775-0101

Email Us

sales@bitraser.com

Follow Us

linkedin youtube

Useful Links

  • About Us
  • Legal Policy
  • Privacy Policy
  • Cookies Policy
  • Sitemap

NEWS AND EVENTS

  • News & Press Release
  • Events

PARTNERS

  • Our Partnership Models
  • Reseller
  • Distributor
  • OEM
  • ITAD

RESOURCES

  • Knowledge Series
  • Technical Articles
  • Knowledge Base
  • Blogs
  • Reports & Certificates
  • Download Brochure
  • Deployment
  • Product FactSheets
  • Case Studies
  • Our Clients
  • Residual Data Study

BitRaser® & Stellar Data Recovery are Registered Trademarks of Stellar Information Technology Pvt. Ltd. © Copyright 2023 Stellar Information Technology Pvt. Ltd. All Trademarks Acknowledged.

ISO Certified
NAID VENDOR
ERN VENDOR

Submit Enquiry

Submit Enquiry

Usage*:     Business   Personal
KgfsM

I understand that the above information is protected by Stellar's Privacy Policy.

HLa4v

I understand that the above information is protected by Stellar's Privacy Policy.

Modal body..
24 Internationally Recognized Erasure Standards
NIST Clear
NIST-ATA Purge
US Department of Defense, DoD 5220.22-M (3 passes)
US Department of Defense, DoD 5200.22-M (ECE) (7 passes)
US Department of Defense, DoD 5200.28-STD (7 passes)
Russian Standard – GOST-R-50739-95 (2 passes)
B.Schneier’s algorithm (7 passes)
German Standard VSITR (7 passes)
Peter Gutmann (35 passes)
US Army AR 380-19 (3 passes)
North Atlantic Treaty Organization-NATO Standard (7 passes)
US Air Force AFSSI 5020 (3 passes)
Pfitzner algorithm (33 passes)
Canadian RCMP TSSIT OPS-II (4 passes)
British HMG IS5 (3 passes)
Zeroes
Pseudo-random
Pseudo-random & Zeroes (2 passes)
Random Random Zero (6 passes)
British HMG IS5 Baseline standard 
NAVSO P-5239-26 (3 passes) 
NCSG-TG-025 (3 passes)  
5 Customized Algorithms & more

Listening...