Certified data destruction, proven per device
The certificate is the proof. Here’s what audit-ready data destruction looks like — and how WipeTrail generates it for every device.
A certificate of data destruction is the proof that the data on a device was securely and irreversibly removed before the device was reused, recycled or destroyed. For any organisation disposing of IT, it’s the single most important piece of evidence — and under UK GDPR and the Data (Use and Access) Act 2025, it’s not optional.
Erasure vs physical destruction
There are two routes to secure sanitisation, and a good ITAD process uses the right one per device:
- Data erasure (wiping): software overwrites the storage so data can’t be recovered, and the drive can be reused — the greener, higher-value option.
- Physical destruction: shredding or degaussing the media, used where a drive fails, can’t be wiped, or the client requires it. It needs its own evidence (photos, logs, serials).
The standards that matter
- NIST Special Publication 800-88 Revision 1 — the internationally recognised guideline for media sanitisation (Clear, Purge, Destroy).
- HMG IS5 — UK government standard, including a Higher Standard for SECRET-classified material.
- ADISA — the UK ITAD industry certification (e.g. ADISA 8.0 / DIAL 2) many buyers now require.
What a certificate that stands up to audit contains
- The device make, model and serial number — per device, not per batch.
- The method and standard used (e.g. NIST 800-88 Purge, or physical destruction).
- The date, the operator, and a verifiable result.
- A link to the chain of custody for that exact device.
How WipeTrail handles it
WipeTrail generates one-click certificates — data erasure, physical destruction, WEEE and reuse — straight from the operational record, each tied to the device’s serial and its full event history. Your customers download them from their portal; you keep a complete, exportable audit trail. Pair it with DWTS-ready records and WEEE evidence and every device is fully accounted for.
Frequently asked questions
What is a certificate of data destruction?
It is the per-device proof that data was securely and irreversibly removed before reuse, recycling or destruction, including the serial number, method, standard and result.
What is NIST 800-88?
NIST Special Publication 800-88 Revision 1 is the internationally recognised guideline for media sanitisation, defining Clear, Purge and Destroy methods.
Is data erasure or physical destruction better?
Erasure lets a working drive be securely reused (greener, higher value); physical destruction is used when a drive fails, cannot be wiped, or the client requires it. A good process uses the right one per device.
Do batch certificates count?
Per-device, serial-level certificates are what stand up to an audit or a data-breach investigation. Batch statements generally do not.
Ready when you are
See WipeTrail on your own kit.
Book a 20-minute demo and we’ll walk the whole flow — collection to certified wipe to resale — and show how fast you could be live before the DWTS deadline.
Book a demo →