Written By Sunil Chandna
Updated on Jan 17, 2023
Min Reading 3 Min
Summary: The R2V3 (Responsible Recycling) standard, established by SERI, includes strict guidelines and requirements for data sanitization in Appendix B. These requirements are intended to ensure that all data (PII, Confidential, Licensed information, etc.) on the devices is completely erased and cannot be recovered. An R2-certified facility has to strictly adhere to the data sanitization plan and procedures in the Core 7 requirement. Read this article to understand SERI R2V3 data sanitization requirements under Appendix B.
The SERI R2 standard is a set of guidelines for the responsible recycling of electronic equipment. R2V3 is the third version of the standard, which became effective on July 1, 2020. Appendix B of the R2V3 standard provides guidelines for data sanitization, which is the process of permanently wiping data from electronic devices before they are recycled or resold. The general principle of R2V3 Appendix B is “To recognize organizations that maintain enhanced data security controls and perform physical or logical data sanitization in accordance with best practices, where data devices are managed to the highest level of sensitivity as required by the supplier or regulation.”
Data sanitization is a part of Core Requirement 7 (Data Security) of the SERI R2 standard. Appendix B covers data sanitization in depth, focusing on logical data sanitization, increased security, and device tracking. It also mentions physical sanitization for devices that need to be physically destroyed as per requirements. Some specific requirements for R2 facility running ITAD operation need to follow as per Appendix B:
SERI R2 standard also defines physical sanitization (Destruction) and logical sanitization (Erasure).
The physical sanitization requirements for R2V3 compliance include the following:
Data Storage Device |
Method |
Criteria |
Magnetic Tape |
Degauss* |
|
Incineration |
Reduced to ash |
|
Magnetic Hard Disk Drive |
Degauss* & Crush |
Media must be both degaussed and crushed with a hard disk crusher |
Shred/Physical Destruction |
Platters reduced to fragments |
|
Incineration |
Fully melted to metals |
|
Diskettes |
Degauss* & Physically Destroy |
Media must be degaussed and physically destroyed |
Shred/Disintegration |
Magnetic disk reduced to fragments |
|
Incineration |
Reduced to ash |
|
Optical Disks (CD, DVD, Blu-Ray disks) |
Shred/Disintegration |
Disk reduced to fragments |
Incineration |
Reduced to ash |
|
Solid State Storage (SIM Card, SDRAM, Flash Drive, Circuit Board containing non-volatile flash memory, Solid-State Drive, Cell Phone, Tablet, etc.) |
Shred/Disintegration |
Chips reduced to fragments |
Crush |
SSD crusher designed to crush chipsets |
|
Incineration |
Reduced to ash |
|
Hard Copy Storage (paper, film, etc.) |
Shredding |
Media reduced to fragments by cross-cut shredder, pulverizer, or disintegrator |
Incineration |
Reduced to ash |
|
Other |
Any NSA-approved method for the data storage device |
Criteria specified by NSA for the device and method |
Table - Physical Destruction Methods (Source: The Sustainable Electronics Reuse & Recycling (R2) Standard)
Logical sanitization, also known as ‘Data erasure,’ is removing all data from a device that makes it unrecoverable, rendering it reusable. Logical sanitization is typically done by overwriting the entire storage media with a series of ones and zeros. This process can be done for drives (HDD & SSD) using specialized software like BitRaser Drive Eraser. The logical sanitization requirements for R2V3 compliance include the following:
These requirements are intended to ensure that all data on the devices is completely erased and cannot be recovered, protecting the privacy of individuals and organizations whose data may be stored on the devices. In addition, using the NIST 800-88 standard or equivalent ensures that the erasure process is secure and reliable and that the data has been erased to a widely recognized and accepted standard.
R2V3 compliance also requires stringent quality controls to ensure that the sanitization process is implemented as per the data sanitization plan, which must be updated to include the latest updates and methods of data sanitization.
The Quality Control requirements in the SERI R2 standard include the following:
These requirements are intended to ensure that the recycling facility is operating in a consistent and controlled manner and that all materials are handled and processed following the standard. In addition, the QCP helps ensure that the recycler understands what is expected of them and has the necessary procedures to achieve and maintain compliance.
An R2V3 certification demonstrates that your electronics recycling facility is committed to responsible and sustainable practices. This certification is widely recognized as the standard for best practices in the electronics recycling industry. Some benefits of having an R2V3 certification include compliance with laws and regulations, protection of data and privacy, positive reputation & credibility, competitive advantage, and continuous improvement. Overall, an R2V3 certification can help to ensure that your facility is operating in a responsible, sustainable, and compliant manner while also helping to protect the data and privacy of your customers and contributing to a positive reputation and competitive advantage.
BitRaser is NIST Certified
Related Articles
![]() |
NIST Clear |
![]() |
NIST-ATA Purge |
![]() |
US Department of Defense, DoD 5220.22-M (3 passes) |
![]() |
US Department of Defense, DoD 5200.22-M (ECE) (7 passes) |
![]() |
US Department of Defense, DoD 5200.28-STD (7 passes) |
![]() |
Russian Standard – GOST-R-50739-95 (2 passes) |
![]() |
B.Schneier’s algorithm (7 passes) |
![]() |
German Standard VSITR (7 passes) |
![]() |
Peter Gutmann (35 passes) |
![]() |
US Army AR 380-19 (3 passes) |
![]() |
North Atlantic Treaty Organization-NATO Standard (7 passes) |
![]() |
US Air Force AFSSI 5020 (3 passes) |
![]() |
Pfitzner algorithm (33 passes) |
![]() |
Canadian RCMP TSSIT OPS-II (4 passes) |
![]() |
British HMG IS5 (3 passes) |
![]() |
Zeroes |
![]() |
Pseudo-random |
![]() |
Pseudo-random & Zeroes (2 passes) |
![]() |
Random Random Zero (6 passes) |
![]() |
British HMG IS5 Baseline standard |
![]() |
NAVSO P-5239-26 (3 passes) |
![]() |
NCSG-TG-025 (3 passes) |
![]() |
5 Customized Algorithms & more |
Listening...