Request
Under the Freedom of Information Act 2000, please provide the following recorded information held by your department regarding assurance processes for software based data erasure of end of life IT equipment.
For clarity, this request relates solely to software based data destruction. Please exclude physical destruction methods such as shredding, crushing, degaussing or disintegration.
1) Please confirm whether departmental policy, contractual terms or internal procedures require an explicit outcome based warranty or guarantee confirming that personal data has been rendered irretrievable through software based erasure, whether carried out internally or by an external provider.
2) Where software based data destruction is performed internally, what recorded evidential assurance does the department rely upon to conclude that the final data state is irretrievable?
3) Where software based data destruction is performed by a third party provider, does the department hold recorded information demonstrating that any warranty or assurance provided explicitly extends to the software erasure method used and its claimed effectiveness? If so, please confirm the recorded nature of that verification.
4) Where no explicit outcome based warranty is required or provided, what recorded form of evidential assurance does the department rely upon to conclude that software based erasure has rendered personal data irretrievable?
I am not requesting technical configuration detail, security sensitive information or supplier specific vulnerabilities. I am seeking confirmation of the assurance model relied upon for software based data destruction.
Decision
HSSIB outsources its information technology provision to NHS England (NHSE). NHSE outsources its software overwriting/hardware destruction to the NHS North of England Commissioning Support Unit (NECS).
1) Please confirm whether departmental policy, contractual terms or internal procedures require an explicit outcome based warranty or guarantee confirming that personal data has been rendered irretrievable through software based erasure, whether carried out internally or by an external provider.
NECS have a contract with Concept Management for software based erasure. The terms of the contract require the provider to evidence the destruction so that the information is irretrievable. All data bearing devices are either wiped or destroyed.
2) Where software based data destruction is performed internally, what recorded evidential assurance does the department rely upon to conclude that the final data state is irretrievable?
Our software based data destruction is performed by an external provider (NECS/Concept Management).
3) Where software based data destruction is performed by a third party provider, does the department hold recorded information demonstrating that any warranty or assurance provided explicitly extends to the software erasure method used and its claimed effectiveness? If so, please confirm the recorded nature of that verification.
NECS have access to a portal which shows destruction certificates for each collection, down to serial number or asset tag.
For drives that are over-written, NECS is a Gold Partner for Blancco and uses this software. More information about Blancco can be found on their website.
Blancco are certified to perform data erasure, and this link provides assurance around the use of their technology.
Any drives that are specified to be destroyed or fail the over-writing are crushed, shredded, and smelted.
4) Where no explicit outcome based warranty is required or provided, what recorded form of evidential assurance does the department rely upon to conclude that software based erasure has rendered personal data irretrievable?
Not applicable as an explicit outcome based warranty is provided via a third party – as noted above, a destruction certificate is provided to NECS to confirm that the software based erasure has rendered all data (including personal data) irretrievable.