Skip to main content

(Tech Support) Best practices for media destruction

Media destruction, either physical or electronic, is intended to prevent data disclosure. Some ways data may be disclosed are:

Drives that will not be reused should be physically destroyed. Even if the drive is to be reused it should be erased using one of the recommended tools or applications. Different terms may be used to refer to disk or file erasure. Some common terms are disk wiping and secure deletion.

What Are the Standards for Media Destruction?

  • DoD 5220.22: Functional drives should be overwritten 3 times prior to disposal or reuse.
  • NIST 800-88: Modern hard disks can defy conventional forensic recovery after a single wiping pass. 

Note: As of 2001, ATA (thought not SCSI) drives support a secure-overwrite command that should eliminate all data on the drive much more rapidly than operating system-level utilities. Certain specialty hardware supports this.

What is the Security Office Recommendation?

Our recommendation acknowledges the NIST document, but maintains consistency with other practices throughout higher-education and industry. 

  • For drives that will be reused or disposed of in a functional state: use of a reputable erasure utility implementing DoD 5220.22. A 3-pass wipe of a large hard disk is time-intensive.
  • For drives that are defective, dead, or sufficiently unresponsive that they do not complete the 5220.22 wipe protocol:  physical destruction prior to RMA or disposal.

Destruction Practice by Media

Hard Disk DoD 5220.22 erase prior to format Physical destruction or deguass
Floppy Disk Degauss or erase prior to format Physical destruction, degauss, or erase
Caseless Optical (CD/DVD) Typically N/A Physical destruction (break into pieces or uniformly abrade surface)
ZIP/Cartridge DoD 5220.22 erase Physical destruction or degauss
Small solid state, USB/Flash Erasing is unpredictable, but nonetheless recommended prior to format Physical destruction
Tapes Degauss Physical destruction or degauss


Last updated 12/09/2014


Back to main category list


Type your security question:

Browse all Security articles