Policies and Certifications

NIST. DOD. Compliant.

100% Buttoned Up Guaranteed

“We chose PlanITROI because they are 100% buttoned up in terms of certifications, professionalism, and service. In all the years of working with them, we’ve never felt like our data was at risk. That peace of mind that comes with knowing our data is in safe hands is priceless.”

– PlanITROI Client

Since 2001, PlanITROI has never had an incident of client’s confidential information being exposed after processing over 60 million media devices (HDD, Tape, SSD, Flash, etc.) and destroying massive amounts of data stored on them.

Our methodology for the protection of client information is sound and based on industry practices. Additionally, PlanITROI can provide tamper-proof boxes and witnessed destruction for any site, and region per client request.

Describe the security measures we have in place to ensure the safety of client assets and the information stored on their hard drives.

PlanITROI has stringent security measures in place to ensure the safety of client assets and the information stored on their hard drives. The entire process is contained and under complete surveillance physically with each step in the process tracked and recorded within PlanITROI’s PlanITvision system.

Is an external audit for data wiping (processes and equipment) performed regularly?

Erasure System Forces Operator to... Erase, Record & Report Results

Erasure System provides shop floor control over erasure operator forcing the adherence to Client's SLA's for data eradication. In addition, System provides test results and automatic next steps to the operator while recording every step in the process and reporting to the client by serial number (SN) on Drive and tracing it back to the SN on Unit.

Data Eradication: Quality Control (QC)

Within the System, there are unlimited QC checks that can be setup based on client and type of product. If there are issues, we will not allow it to move to finished goods.

Describe the sanitization process for hard drives and other data-bearing devices.

PlanITROI’s default data sanitization procedure is a minimum of 1X (DATA_1X) Data Erasure wipe. PlanITROI sanitizes all hard drives using a National Institute of Standards and Technology (NIST) SP 800-88 compliant pass data overwrite process to ensure the complete destruction of any data from the drives. Each sanitized drive is validated though a quality inspection process (visual verification of data eradication) to ensure it has been overwritten properly. Any drives that cannot be successfully sanitized will be physically destroyed and Recycled. However, PlanITROI can undertake any data security requirement and implement any protocol necessary.

What are our policies and procedures regarding data destruction certificates? Do we keep a copy of each certificate? How long are they kept on file? How do clients obtain copies of the certificates, if needed? How do we capture the data?

PlanITROI’s Process for Department of Defense (DOD) Erasure of hard drives and documentation is summarized below:

All hard drives are identified by serial number and overwritten by a properly trained technician using the DOD’s proscribed software tools. We are currently using the Tabernus tool.
After erasure of each computer, or hard drive if removed, it is labeled to describe its serial number, the date of erasure, and the name of the technician who performed the erasure.
After overwriting the hard drives, the technician will sign a certificate that lists the serial numbers of the hard drives erased, the date of the procedure, the technician’s name and the technician’s title or position.
The certificate of data destruction will remain in PlanITvision for at least five years.