Blog

Field guides for ITAD and data sanitization.

Expert guides on data sanitization, NIST 800-88 compliance, HIPAA and PCI DSS destruction requirements, and ITAD best practices.

February 20, 2026·8 min read

What Is Data Sanitization? A Complete Guide for IT Professionals

Deleting files or formatting a drive does not remove data. Data sanitization permanently and irreversibly destroys it. This guide covers the three NIST categories, when to use each, and why documentation is critical.

data sanitizationNIST 800-88data destruction

January 30, 2026·10 min read

NIST 800-88 Rev. 2 Explained: What Changed and What It Means for Your Organization

NIST published the updated SP 800-88 Rev. 2 in 2025, modernizing media sanitization guidance for SSDs, NVMe, cryptographic erasure, and cloud environments. Here is what changed and what your organization needs to do.

NIST 800-88NIST SP 800-88 Rev 2media sanitization

January 9, 2026·7 min read

Hard Drive Destruction vs. Data Erasure: Which Is Right for Your Business?

Physical destruction and software erasure both achieve compliant data sanitization, but they differ in cost, environmental impact, and asset recovery value. This comparison covers when to use each and why most organizations benefit from a hybrid approach.

hard drive destructiondata erasurehard drive shredding

December 11, 2025·9 min read

HIPAA Data Destruction Requirements: What Healthcare Organizations Must Know

HIPAA requires that ePHI be rendered unusable, unreadable, and indecipherable at disposal. This guide covers the specific rules, documentation requirements, penalty tiers, and best practices healthcare organizations need to follow.

HIPAA data destructionHIPAA data disposalePHI disposal

November 14, 2025·7 min read

Certificate of Data Destruction: What It Should Include and Why It Matters

A certificate of data destruction is the proof that data was actually destroyed. This guide covers what it should include, red flags in weak certificates, how tamper-evident QR verification works, and why seven-year retention is the standard.

certificate of data destructioncertificate of sanitizationdata destruction documentation

October 16, 2025·8 min read

Chain of Custody in ITAD: Why Every Step Needs Documentation

Gaps in your ITAD chain of custody create legal liability, compliance failures, and reputational risk. Learn what proper documentation looks like and how to automate it.

chain of custodyITAD documentationIT asset disposition

September 18, 2025·8 min read

SSD Data Destruction: Why Traditional Methods Don't Work

Traditional overwrite methods leave data recoverable on SSDs. Learn why flash storage requires firmware-level sanitization commands and what NIST recommends.

SSD data destructionSSD sanitizationATA Secure Erase

August 28, 2025·7 min read

Network Equipment Sanitization: Documenting Factory Resets with Revoke

Switches, routers, and firewalls store sensitive data too. Learn how Revoke automates network equipment sanitization and integrates with ExpungeData for tamper-evident documentation.

network equipment sanitizationRevokefactory reset documentation

July 24, 2025·9 min read

PCI DSS Data Destruction Requirements: Protecting Cardholder Data at End of Life

PCI DSS Requirements 3.1 and 9.4 mandate documented destruction of cardholder data. Learn what QSAs expect and how to produce audit-ready records.

PCI DSS data destructionPCI compliance media sanitizationRequirement 9.4

June 12, 2025·7 min read

The True Cost of DIY Data Destruction: Why In-House Isn't Always Cheaper

The hidden costs of in-house data destruction -- labor, software, equipment, and documentation gaps -- often exceed third-party services. Here is the true cost breakdown.

DIY data destruction costin-house data destructiondata destruction outsourcing