What is a Certificate of Destruction?
A Certificate of Destruction (CoD), also called a data erasure certificate or certificate of sanitization, is an auditable document affirming that all confidential data stored on IT assets like hard disk drives, SSDs, PCs, laptops, Mac devices, servers, or other storage media was successfully erased. It ensures that the organization or the third-party service provider is following a reliable data destruction process in compliance with applicable data protection laws. It guarantees that data was destroyed with due diligence and cannot be recovered from the erased devices even using forensic data recovery techniques.
Importance of Certificate of Destruction
A Certificate of Destruction acts as a pivotal document in data breach lawsuits: it shows that data was destroyed using a reliable tool like BitRaser that follows NIST guidelines for documentation, or through the services of an authorized vendor that provided a CoD. Section 4.6 of NIST 800-88 Rev. 2 emphasizes that after the sanitization process is complete, a certificate of sanitization should be completed for each sanitized ISM (information storage media), according to the organization’s policies.
Here are some of the benefits of this document that are meaningful to an organization:
- Serves as Proof of Compliance: Data protection laws like EU-GDPR, GLBA, CCPA, SOX, and HIPAA require erasure of personal information processed by organizations that has served its purpose and is no longer needed. Businesses, data controllers, and data processors are also required to permanently destroy data upon receiving deletion requests from customers. In both cases, organizations are obligated to maintain documentation and proof of sanitization that can be provided on request. When audits are conducted to check compliance with these laws, a certificate of data destruction serves as verifiable proof that all the data-bearing IT assets have been sanitized.
- Provides Peace of Mind: A CoD is not only a document for meeting compliance with data privacy laws and other industry standards like ISO 27001; it also gives an organization and its stakeholders peace of mind that their data disposal strategy is sound and fail-safe. It ensures that no data breach incident or lapse has happened at any stage, as the document ensures complete, secure, and permanent data destruction.
- Fulfills Mandatory Requirement: The recycling standard R2v3, in Appendix A, Downstream Vendor Qualification (8)(d)(4), requires R2 facilities to verify that if their downstream vendor performs sanitization, then the vendor must provide records of evidence of destruction of all data-bearing IT assets and components. The guidelines for media sanitization, NIST 800-88 Rev.2, in Section 4.6, Documentation, suggest completion of a certificate of sanitization for each sanitized ISM as per the organization’s policy. The IEEE Standard for Sanitizing Storage, in Subclause 5.2, Elements of Sanitization, suggests producing proof of storage sanitization (aka CoD) that meets the compliance requirements.
Certificate of Destruction as per NIST SP 800 88 Rev.2
In September 2025, the NIST 800-88 Rev.1 guidelines were superseded by the NIST 800-88 Rev.2 guidelines for media sanitization. Earlier, in Rev.1, Appendix G provided the template of the certificate of sanitization highlighting the key components; now, in the new Rev.2 guidelines, Appendix C highlights the same with some additional fields. The certificate may be in physical form, such as paper, or an electronic record of the entire process. Since gaining physical access to the ISM in some systems can be difficult, automatic documentation becomes significant.
After completion of the data erasure process, the certificate of sanitization should include at least:
- Model
- Manufacturer
- Serial Number
- Media Source & Type
- Sanitization Method & Technique
- Software/Tool used, including version
- Verification Method
- Information of individuals who perform verification and validation:
  - Name
  - Designation/Title/Position
  - Date & Location
  - Contact Information (e.g., phone number)
  - Signature
For ISM with barcodes on their label, the assigned personnel can scan the barcode to fetch the details, such as serial number and model, as the ISM is sanitized, and enter the details into a tracking application.
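The following is an added example, not part of NIST's template or of any vendor's software: a small audit that checks exported certificate records for the minimum fields listed above before they are filed. The record layout, key names, and sample values are assumptions made for illustration.

```python
# Key names are this example's own choice; the required set mirrors the list above.
MEDIA_FIELDS = (
    "model", "manufacturer", "serial_number", "media_source", "media_type",
    "sanitization_method", "sanitization_technique", "tool", "tool_version",
    "verification_method",
)
PERSON_FIELDS = ("name", "title", "date", "location", "contact", "signature")


def _blank(value):
    return value is None or (isinstance(value, str) and not value.strip())


def missing_fields(cert):
    """Return the required fields that are absent or blank in one record."""
    gaps = [f for f in MEDIA_FIELDS if _blank(cert.get(f))]
    verifier = cert.get("verifier")
    if not isinstance(verifier, dict):
        verifier = {}
    gaps += ["verifier." + f for f in PERSON_FIELDS if _blank(verifier.get(f))]
    return gaps


def audit(certs):
    """Map serial number -> list of problems; complete records are omitted."""
    problems, seen = {}, set()
    for i, cert in enumerate(certs):
        serial = str(cert.get("serial_number") or "").strip()
        key = serial or f"<record {i}: no serial>"
        issues = missing_fields(cert)
        if serial and serial in seen:
            # Two certificates for one device usually means a scan or entry error.
            issues.append("duplicate serial_number")
        seen.add(serial)
        if issues:
            problems.setdefault(key, []).extend(issues)
    return problems


# Constructed sample records, not real assets or people.
VERIFIER = {"name": "A. Example", "title": "IT Asset Technician",
            "date": "2025-10-01", "location": "Site A",
            "contact": "555-0100", "signature": "A. Example"}
GOOD = {"model": "EX-500", "manufacturer": "ExampleCorp", "serial_number": "SN-0001",
        "media_source": "Laptop", "media_type": "SSD", "sanitization_method": "Purge",
        "sanitization_technique": "Block Erase", "tool": "ExampleEraser",
        "tool_version": "1.0", "verification_method": "Sampled read-back",
        "verifier": VERIFIER}
BAD = dict(GOOD, serial_number="SN-0002", tool_version=" ",
           verifier=dict(VERIFIER, signature=""))
```

Calling `audit([GOOD, BAD, dict(GOOD)])` reports the blank tool version and missing signature on `SN-0002` and flags the second `SN-0001` record as a duplicate.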
Sample Certificate of Sanitization as per NIST 800 88r2 (Appendix C)
NIST provides the example of CoD as shown in Appendix C (refer to Image 1). It establishes the information that should be collected along with the format of the certificate. An organization could either use a form with an automated data transfer utility or choose to record sanitization details electronically through a native application like BitRaser.

Image 1: Certificate of Sanitization (NIST SP 800-88r2)
Comparison in CoD Format of NIST 800-88 R2 & NIST 800-88 R1
There are some changes in the sample certificate provided in Appendix C of NIST 800-88r2, where a few parameters have been added to and removed from the certificate provided in Appendix G of NIST 800-88r1. Following are the details:
- In the ‘Person Performing Sanitization’ section, email has been added.
- In the ‘Media Information’ section:
  - Operational/Damaged has been added
  - Data Backed up and Back up Location have been removed.
- In the ‘Sanitization Details’ section:
  - Validation has been added
  - Method Type is now Sanitization Method and excludes ‘Damage’ as a sanitization method
  - The Method Used is now Sanitization technique and excludes all the options, such as Degauss, Overwrite, Block Erase, etc., provided earlier
  - Method Details and Post Sanitization Classification have been removed
  - The Verification Method along with its options has been removed. Verification/status has replaced it.
- The ‘Validation’ section has been renamed to Concurrence.
Refer to Image 2 for the certificate of sanitization in NIST 800-88 Rev.1 for more information.
Note: If a software-based sanitization method such as Purge is selected, then the software will pick most of the drive details and the sanitization method automatically; data fields like validation, classification, and the device’s operational/damaged status, etc., are to be filled by the organization.
If the Destroy method is selected, then the organization or service provider must enter all the details in the certificate as needed.

Image 2: Comparison of CoD (NIST 800 88 Rev.2 vs NIST 800 88 Rev.1)
BitRaser Provides Automated & Immutable Certificate of Erasure
Aligning with the requirements of NIST SP 800-88 R2, BitRaser generates an automated and tamper-proof certificate of erasure. Along with the CoD, it also produces detailed erasure reports. The reports and certificate can be customized to add erasure and validation details, such as the name and designation of the technician, to maintain accuracy and accountability. Real-time information, like the date and software version, is incorporated into the certificate and reports automatically.
Each report has a unique digital identifier with which the details of a sanitized IT asset can be tracked. This ID helps when a large volume of IT assets is sanitized and the risk of human error is high. The report also includes hardware information, like manufacturer, chassis type, model name and UUID, system serial, USB hub, chassis serial, board serial, media source, and so on.
The report also carries a data erasure summary, including the total number of devices destroyed, method of erasure used, number of passes (single or multiple), success and failure rate, work in progress (if any), verification method, etc. The certificate also mentions the start and end time of the process, along with the overall duration of the procedure. See BitRaser Drive Eraser sample reports and certificates here.
Conclusion
Being a documented proof of erasure, a Certificate of Destruction ensures that an organization collecting, handling, or processing data acts responsibly by destroying data that is no longer required to ensure data privacy and protection as mandated by global regulatory norms. It is a resilient approach to ensure that sensitive and confidential data stored on devices is not exposed to bad actors, thereby mitigating liability risks. A CoD is more than just a document—it’s a safeguard against data-related liabilities and a cornerstone of responsible data lifecycle management.
Reach out to our specialists to learn the difference between Verification & Validation as per the NIST 800-88 Rev 2 Guidelines.