Sanitization refers to the general process of removing data from hard drives or other storage media so that data may not be easily retrieved and reconstructed. When storage media is transferred, becomes obsolete, or is no longer usable or required by an information system, it is important to ensure that residual magnetic, optical, or electrical data is not easily recoverable. The increased use of encryption within IT infrastructures may actually make electronic storage media more attractive to data thieves.
 
Media storage devices used to store customer data are classified by Probax as Critical and treated accordingly, as high impact, throughout their life-cycle. We have exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. 
 
In alignment with ISO 27001 standards, when a storage device has reached the end of its useful life, Probax procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. Probax uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. If a hardware device cannot be decommissioned using these procedures, the device will be physically destroyed in accordance with industry-standard practices.
 
In alignment with ISO 27001 standards, Probax-owned hardware assets are assigned an owner, and are tracked and monitored by Probax personnel with appropriate inventory management tools. Probax's procurement and supply chain team maintains relationships with all suppliers of Probax-owned hardware and public cloud infrastructure.
 
Probax-owned media will be destroyed by an external NIST 800-88 compliant e-waste partner. In addition to NIST 800-88 compliance, our e-waste specialist is fully compliant with Australian Defense data privacy standards and multiple international cyber security standards. For a full list of worldwide compliance certifications see below. All destroyed media is documented and accompanied by a certified report.
 

Third-Party Auditors Verify Our Procedures & Systems

 
Probax engages independent auditors to regularly review and assess its security strategy, policies, procedures and systems. All assessments performed under this engagement are in accordance with industry-leading methodologies, such as the ASD Essential 8, ISO 27001 (Information Security Management) standard, ISO 9001 (Risk Management) and other reference documentation where applicable under the Open Source Security Testing Methodology (OSSTM). Depending on the compliance program and its requirements, external auditors may interview AWS employees about how they handle and dispose of media.
 

e-Waste Partner Certifications

 

EAL 2+ Certification means that our e-waste partner complies with all of the following U.S. and international disk wiping standards:

  • Common Criteria EAL 2+
  • US DoD 5220.22-M
  • NIST 800-88 REV 1 Compliant
  • Meets the Common Criteria Evaluation and Validation Scheme
  • HIPAA
  • FACTA standards
  • Sarbanes-Oxley
  • US Army AR380-19
  • US Air Force System Security Instruction 5020
  • US Navy Staff Office Publication P-5329-26
  • US National Computer Security Center TG-025
  • NATO NIAPC
  • GB HMG Infosec Standard #5 Baseline
  • GB HMG Infosec Standard #5 Enhanced
  • German VSITR
  • Australian Defense Signals Directorate ACSI-33(X0-PD)
  • Australian Defense Signals Directorate ACSI-33(X1-P-PD)
  • Canadian RCMP TSSIT OPS-II Standard Wipe
  • CIS GOST P50739-95
  • CSEC ITSG-06
  • Standard single pass overwrite