Expunge Data

WHY SANITIZE

Verified sanitization is safer, smarter, and greener than destruction.

The current NIST guidance, the current industry standards, and the embodied-carbon math all point the same way — sanitize the drive, then reuse it. Here's the case.

THE STANDARDS CASE

Sanitization is the NIST baseline — not destruction.

NIST Special Publication 800-88 Revision 2 (September 2025) — the United States standard for media sanitization — treats verified Purge as appropriate for releasing media outside organizational control, including for most sensitive data classifications. A properly executed and verified Purge is recognized as an alternative to physical destruction, not a lesser substitute for it.

IEEE 2883-2022 — the dedicated industry standard for storage sanitization, developed by the storage industry itself — codifies the same three-level model: Clear, Purge, Destroy. ISO/IEC 27040:2024 extends this internationally.

All three standards agree on the principle: pick the method that matches the media and the data classification, verify it, and document it. The method itself is a means; the goal is unrecoverability, and a verified Purge gets there without destroying the drive.

THE SECURITY CASE

Shredding doesn't scale with media density.

As storage media density has grown, mechanical destruction has gotten harder to do right. Modern hard drives pack data at densities where small fragments can still contain recoverable user information. Modern flash media — which is what most drives are now — is denser still.

The Circular Drive Initiative, an industry consortium developing reuse standards for storage media, puts it this way: "Shredding was actually deprecated in the latest sanitization specification due to media density on the latest storage media… small fragments of drives can actually still contain a lot of user data."

Getting destruction right at modern densities means hitting very small particle sizes — commonly a 2 mm target for flash. A lot of "destroyed" drives in the field never reach those particle sizes. A verified Purge, by contrast, addresses every accessible logical block and produces a measurable, documented result.

The destruction trap

A shredded drive looks final. But "looks final" and "is unrecoverable" are not the same claim. Without verification — and without per-particle measurement at scale — the proof of destruction is itself missing.

The sanitization advantage

A verified Purge yields direct evidence: every block was addressed, the device acknowledged the command, the read-back matched. That evidence is what a tamper-evident sanitization report attests to.

THE ENVIRONMENTAL CASE

Reuse beats recycling. Recycling beats destruction.

The biggest carbon cost in a drive's lifecycle isn't electricity or shipping — it's the embodied carbon of manufacturing. The rare-earth mining, the silicon refining, the energy and water that go into producing the drive in the first place. When a drive is sanitized and put back into service, all of that is preserved. When a drive is destroyed, it gets repeated downstream — someone has to manufacture a new one.

Per the Circular Drive Initiative: "Carbon emissions avoided by reusing HDDs and SSDs far outweigh those mitigated by recycling raw materials."

The industry ships hundreds of millions of HDDs and SSDs every year — a large percentage of which are destroyed after their first use. The carbon math says that's the wrong default. The security math, as above, says it isn't even necessary.

01. First-use destruction is the highest-cost option

You pay for the embodied carbon of the original drive, then pay again for its replacement. The destruction step itself adds nothing — it just resets the meter.

02. Recycling recovers materials, not carbon

Smelting and refining recovered drives is energy-intensive. You get some of the materials back; most of the embodied carbon is gone.

03. Reuse preserves both

A sanitized, verified drive keeps its full residual life. The next user gets a functional device. The carbon math is favorable. The math is not close.

Statements attributed to the Circular Drive Initiative are quoted from circulardrives.org/faq. CDI is an industry consortium; Expunge Data does not represent CDI and is not a member organization.

OUR PART OF THE CHAIN

Sanitize once. Document everything. Send the drive back into service.

Our process is built around the principle above. Sanitization is the default; destruction is the exception, reserved for drives that fail verification or health checks.

  • Three-standard alignment. NIST SP 800-88 Rev. 2, IEEE 2883-2022, ISO/IEC 27040:2024 — referenced on every report.
  • Method matched to media. Clear, Purge, or Cryptographic Erase — the right one for the device, recorded in the report.
  • Hidden areas addressed. HPA and DCO regions checked and sanitized where applicable, per NIST SP 800-88r2.
  • Verification, every device. Read-back checks confirm the result. No verification, no report.
  • Tamper-evident reports. SHA-256 hashes plus QR-coded online verification. Modify the document, the hash breaks.
  • Destruction only when necessary. Drives that fail verification or health checks go to certified destruction. Everything else stays in service.

A FAIR CAVEAT

Sanitize-first is the default. It is not the only answer.

Some media is non-functional and cannot accept sanitization commands. Some regulatory regimes mandate physical destruction regardless of method effectiveness. Some buyers require destruction for their own assurance reasons. In all those cases, destruction is appropriate — and we route those drives accordingly, with the destruction documented in the same tamper-evident report system.

The argument here is for sanitization as the default, not as the only option. Choose the right tool for the data — and have the documentation either way.