ISO 9001 QMS, 14001 EMS, NIST 800-88 Rev 1, we have got you covered on the processes!
Compliance comes from process accountability and verification and Databyte Solution has our partners covered.
The documentation trail begins from the profiling and documentation of equipment and storage medium prior to handling, photographic or videographic evidence of sanitization processes, verification of the sanitization process outcome and an itemized report of the entire process.
For organizations, it is important to accurately classify information in your organization's custody. NIST SP 800-88 Revision 1 guidelines classifies information as either low, medium or high security level. However, NIST 800-88 Rev 1 has not defined what type of information should be classified in which category. This classification decision has been left to the organizations themselves, which Databyte Solution can assist with, with reference to NIST SP 800-60 Vol. 1 Rev. 1
Generally, when deciding on which “security level” best describes your information, think of its value, and confidentiality, as well as the consequences of loss. The name and home address of your clients may not seem of “High Security” to you, but it may be to your client, employee or other stakeholders. Use this security level to determine how the data storage medium should be handled.
NIST SP 800-60 Vol 1 Rev 1 - Categorization of Federal Information and Information Systems Table
Profiling and Documentation
Profiling your information systems, data storage medium and even data itself is the key to full accountability and compliance.
At Databyte, we will ensure that every storage medium that is handled by us is fully logged and traceable down to the individual piece from the moment our partners transfer ownership of the medium to Databyte Solution till the final moment when the storage medium leaves us fully sanitized.
With the use of barcodes and smart vision software, maximum details will be captured for auditability
Evidence and Logs of Processes
Logsheets, Software Erasure Logs and Photographic / Videography documentation are timestamped to provide full accountability and traceability
All processes are verified via additional secondary checks.
These will include Sampling of individual storage mediums for data elements, and Photographic or Videographic logs of storage medium destruction processes or outcome
Once the data sanitization service is completed, a certificate of data sanitization will be issued by Databyte Solution to our partners.
Details will include serial numbers of storage medium, model / part number, storage type and manufacturer, along with software erasure logs, and photographic or videography evidence of destruction processes for each individual storage medium.
A full evidence trail will be provided to satisfy any internal audit requirements by each of our customers.