Media Sanitization Services

About our Media Sanitization Services

CAS provides media sanitization services for organizations that need secure, documented outcomes for data-bearing equipment and storage media. Our workflows are aligned with NIST SP 800-88 Rev. 2 and IEEE 2883, with method selection based on media type, device architecture, command interface, and your organization’s risk posture. We help clients determine when Clear, Purge, or Destroy is the most appropriate outcome, while supporting defensible reuse pathways when sanitization is feasible and policy allows it.

Sanitization Outcomes: Clear, Purge, or Destroy

• Clear: logical sanitization techniques used to protect against basic recovery attempts when appropriate for the media type and risk profile.
• Purge: stronger sanitization techniques used to protect against more advanced recovery methods, including supported device sanitize pathways and cryptographic erase where applicable.
• Destroy: physical destruction used when required by policy, when reuse is not allowed, or when Clear or Purge is not feasible or not successful for the media type.
• CAS documents the selected outcome and final method so security, compliance, and governance teams have a clear record of how each asset or media class was handled.

Purge Workflows for SSD, NVMe, and Encrypting Drives

For compatible and qualifying devices, CAS supports Purge workflows that may include supported device sanitize commands, block erase pathways, overwrite-based methods where appropriate, and cryptographic erase when encryption is properly implemented and key sanitization meets the required outcome. Method selection depends on the device family, command support, media type, and your organization’s security requirements. When a supported Purge method is feasible, sanitization can help preserve qualifying assets for secure reuse.

Storage Media and Device Types We Handle

• Hard drives, SSDs, self-encrypting drives, and NVMe storage
• Enterprise storage devices and media using ATA, SAS, SCSI, and NVMe interfaces
• USB removable media, flash drives, memory cards, and other portable storage devices
• Tape media, optical media, and legacy magnetic media where applicable
• Embedded flash storage on boards, modules, peripherals, and equipment with nonvolatile memory
• Servers, rack equipment, networking devices, office equipment, and endpoints containing internal storage components
• Mobile devices such as smartphones, tablets, and handheld equipment with onboard storage

Network Equipment and Embedded Storage Handling

• For many network endpoints, Purge is not typically feasible due to architecture and storage constraints.
• We commonly scope those assets for NIST Clear (when appropriate) or route to Destroy based on organizational requirements.
• We document the selected method and final outcome so security and governance teams have an unambiguous record.

Verification, Exception Reporting, and Documentation

• Outcome records for Clear/Purge/Destroy decisions by media type and device class
• Exception reporting when media cannot be sanitized as scoped (with escalation to alternate method)
• Certificates of Media Sanitization and final disposition documentation for applicable equipment and storage devices
• Chain-of-custody handling practices designed to reduce breach-risk and support vendor oversight

Method Selection by Device Type and Risk Profile

• We evaluate storage capabilities across HDD, SSD, NVMe, embedded storage, and mixed-device environments before selecting a sanitization method.
• Method selection is based on media type, command support, device condition, intended disposition, and your organization’s risk and compliance requirements.
• For mixed loads, we scope outcomes by device class so Clear, Purge, and Destroy decisions stay consistent across the project.

How Media Sanitization Differs From Data Destruction and IT Asset Destruction

• Media Sanitization focuses on applying the appropriate Clear, Purge, or Destroy outcome to qualifying media, with documented records that support governance, audit readiness, and secure reuse when policy allows it.
• Data Destruction is typically used when physical destruction is required for irreversible disposition, when reuse is not permitted, or when the media cannot be sanitized as scoped.
• CAS uses media sanitization workflows when organizations want a defensible process for identifying data-bearing components across multiple device types and documenting how each item was handled.
• When Purge is feasible and successful, sanitized assets may remain eligible for secure internal reuse, external reuse, resale, or other circularity-supporting pathways, depending on your organization’s requirements.
• CAS prioritizes data security, compliance requirements, and policy alignment before any reuse or sustainability objective. For sensitive data-bearing equipment, we support secure reuse outcomes only when the required sanitization and documentation standards have been met.

If your policy requires irreversible destruction of the entire device rather than sanitization of qualifying media, see our IT Asset & Equipment Destruction service.

Need reuse, circularity, and downstream disposition reporting for sanitized assets? See Sustainability Reporting Services. Looking for irreversible physical destruction instead of sanitization? View Data Destruction Services. For broader documentation and standards guidance, visit our Media Sanitization Resource Page.