
Secure Data Destruction Services

By Reboot Monkey Team

On-site physical destruction of storage media at your datacenter facility. NIST 800-88 Rev 1 compliant. Certificate of Destruction issued per asset. Active in 250+ cities across 190 countries.

Last updated: April 10, 2026

What Is Secure Data Destruction?

Secure data destruction is the process of rendering stored data permanently and verifiably irrecoverable. Unlike deletion or reformatting, which leaves data recoverable through forensic tools, certified data destruction follows recognised technical standards to guarantee that no residual data can be accessed by any known means. For organisations operating in regulated industries, proper data destruction is not optional. HIPAA, GDPR, PCI DSS, ISO 27001, and SOC 2 all require documented evidence that physical storage media containing sensitive data has been sanitised or destroyed before disposal, reuse, or decommissioning. Reboot Monkey provides on-site data destruction services at client datacenter facilities. Our field engineers travel to your location, perform the destruction on your premises, and issue a Certificate of Destruction (CoD) documenting each asset by serial number, method, date, and responsible engineer. No media leaves your facility unsecured.

The NIST 800-88 Rev 1 Standard: Clear, Purge, and Destroy

The recognised technical authority for data destruction is NIST Special Publication 800-88 Revision 1, published by the US National Institute of Standards and Technology. It defines three sanitisation methods, each offering a different level of assurance. Understanding the difference is critical for compliance mapping.
  • Clear applies logical techniques to sanitise user-addressable storage locations, typically via overwrite. It is the lowest assurance level and is suitable only for media being reused within the same organisation for low-sensitivity data. Clear does not protect against forensic laboratory recovery. It is not adequate for HIPAA, GDPR, or PCI DSS media disposal.
  • Purge renders data irrecoverable even with state-of-the-art laboratory equipment. For hard disk drives (HDDs) and magnetic tape, degaussing achieves Purge by saturating the magnetic domains. For SSDs and NVMe drives, cryptographic erase or the manufacturer-issued Secure Erase command must be used. Critically, multi-pass overwrite methods do not achieve Purge for SSDs: the wear-leveling architecture of NAND flash means logical overwrites miss hidden sectors. Purge satisfies HIPAA 45 CFR 164.310(d)(2)(i), GDPR Article 17, and PCI DSS v4.0 Requirement 9.4.6.
  • Destroy renders media physically unusable by any known means. Mechanical shredding reduces drives to fragments below 5mm per DIN 66399 specifications. Other Destroy methods include pulverising, incineration, and melting. Destroy is the appropriate choice for highest-classification data, media with unknown encryption status, or end-of-life equipment where reuse is not a consideration.

A Note on Superseded Standards

The DoD 5220.22-M standard, which specified a three-pass overwrite pattern, was the de facto reference for US government data destruction for many years. It is now superseded. NIST 800-88 Rev 1 is the current authoritative standard for both civilian and government use. Any vendor still citing DoD 5220.22-M as a current compliance standard is working from outdated guidance. Similarly, Grade 1, Grade 2, and Grade 3 terminology comes from the DIN 66399 document and describes shredder particle sizes, not NIST sanitisation categories. The two frameworks are complementary but distinct. Reboot Monkey engineers are trained to work within the correct framework for each client's regulatory environment.

Media-Specific Destruction: Why One Method Does Not Fit All

Each storage media type has physical characteristics that determine which destruction method achieves the required assurance level. Applying the wrong method creates compliance exposure.
  • Hard disk drives (HDD, SATA/SAS, 2.5" and 3.5" form factors): Degaussing achieves NIST Purge by disrupting the magnetic platters. Physical shredding achieves NIST Destroy. Multi-pass overwrite achieves NIST Clear only.
  • Solid-state drives (SSD, SATA, and NVMe, including M.2 and PCIe form factors): Degaussing is NOT effective. SSDs contain no magnetic media. The appropriate Purge method is cryptographic erase (for drives with hardware encryption or self-encrypting drive support) or the manufacturer Secure Erase command. Physical shredding or disintegration achieves NIST Destroy.
  • NVMe drives (PCIe, U.2, and M.2): Same requirement as SSD above. Degaussing is not applicable. Cryptographic erase or physical destruction only.
  • Magnetic tape (LTO, DLT, DAT): Degaussing achieves NIST Purge. Physical shredding or incineration achieves NIST Destroy.
  • Optical media (CD, DVD, Blu-ray): No magnetic or electronic erase is applicable. Physical shredding or incineration to the Destroy standard is required.
  • USB drives and memory cards: Physical shredding or disintegration to the Destroy standard. No software wipe achieves the assurance level required for regulated data on these form factors.

On-Site Destruction at Your Datacenter Facility

Most traditional data destruction vendors operate from centralised processing facilities. You pack your drives, ship them in a sealed container, and hope the chain of custody holds. Reboot Monkey does not operate this way. Our field engineers come to you. Destruction occurs at your datacenter, inside your facility, in front of your team if you require it. This eliminates the single largest risk in the off-site model: media in transit.

This matters most in colocation environments. Your servers sit in racks at Equinix, Digital Realty, CyrusOne, or any number of independent carrier-neutral facilities. Those are third-party buildings. Traditional data destruction vendors typically do not operate inside third-party colocation facilities. Reboot Monkey engineers work inside third-party datacenters every day. We provide remote hands, smart hands, rack and stack, and migration services at these facilities as a core part of what we do. Data destruction is a natural extension of that presence.

For organisations running hardware refresh cycles, decommissioning projects, or migrating between facilities, on-site destruction means the job is done before anything leaves the floor. No transport manifests, no sealed drum logistics, no waiting weeks for confirmation. The Certificate of Destruction is issued the same day.

Global Reach Across 250+ Cities and 190 Countries

Most data destruction companies are North America-only operations. Some have European coverage. Very few have meaningful presence in Asia-Pacific, the Middle East, Africa, or Latin America. Reboot Monkey has field engineers available across more than 250 cities in 190 countries. This matters for two reasons.

First, multinational organisations running hardware refresh cycles or datacenter consolidations need a single provider they can deploy across all locations. Managing separate destruction vendors in Frankfurt, Singapore, and São Paulo creates fragmentation in documentation, chain of custody, and audit trails. A single global provider eliminates that.

Second, data sovereignty regulations in an increasing number of jurisdictions require that personal data be processed and destroyed within the country of origin. GDPR and national implementations across the EU create documented obligations around where data is handled. Similar frameworks are in force or under development in India, Brazil, Japan, South Korea, and other markets. In-country data destruction, performed by a local field engineer on-site, is the most straightforward path to compliance. It avoids the question of whether transferring media across borders for destruction constitutes a restricted data transfer.

Reboot Monkey operates across FLAP markets (Frankfurt, London, Amsterdam, Paris), the Nordic region (Stockholm, Helsinki, Copenhagen), major US hubs (Ashburn, New York, Dallas, Chicago, Los Angeles), APAC (Tokyo, Singapore, Hong Kong, Sydney, Mumbai), Africa (Lagos, Johannesburg, Cape Town), and Latin America (São Paulo, Santiago, Mexico City). See our regional decommissioning pages for country-specific coverage.

Compliance Frameworks: What Each Regulation Actually Requires

Compliance requirements for data destruction vary by regulation. Understanding what each framework actually mandates prevents both under-compliance (leaving audit exposure) and over-engineering destruction methods beyond what the standard requires.
  • HIPAA (45 CFR 164.310(d)(2)(i)): Covered entities and business associates must implement procedures to remove electronic PHI from media before reuse and protect media from unauthorised access during disposal. HHS Security Rule guidance references NIST 800-88 as a recognised sanitisation standard. Purge or Destroy achieves compliance. The Certificate of Destruction documenting method, date, location, and responsible party is the required compliance evidence. HIPAA audit records must be retained for a minimum of six years.
  • GDPR (Article 17 and Article 5(1)(e)): Article 17 grants data subjects the right to erasure. Article 5(1)(e) requires that personal data be stored no longer than necessary. When hardware containing personal data is decommissioned, controllers must ensure that data is rendered permanently inaccessible. NIST 800-88 Purge or Destroy satisfies this obligation. The Certificate of Destruction, with asset identification and method documentation, provides the evidence required for Data Protection Authority audits and data subject requests.
  • PCI DSS v4.0 (Requirement 9.4.6): Organisations processing cardholder data must destroy media using methods that render cardholder data irrecoverable and unusable. Requirement 9.4.6 specifically requires that destruction methods be documented and verifiable. NIST 800-88 Purge and Destroy both satisfy this requirement. QSA assessors expect to see CoD records during assessments.
  • ISO 27001:2022 (Annex A.8.10): Controls for information deletion require documented procedures for secure asset disposal, including verification that data has been rendered inaccessible. Certificate of Destruction and asset disposal logs satisfy the evidence requirements for annual surveillance audits.
  • SOC 2 Type II (CC6.5): Controls around logical and physical access include disposal of assets. SOC 2 Type II auditors trace a sample of assets from inventory through to CoD during the audit period. Missing documentation for any asset in scope is treated as a control weakness.

Certificate of Destruction: What It Must Contain

A Certificate of Destruction is the primary compliance artefact for data destruction. It is not a certification issued by a standards body. It is a document produced by the destruction vendor, signed by the responsible engineer, that attests to what was destroyed, how, where, and when. A CoD that is missing key components may not satisfy audit requirements. Reboot Monkey CoDs include all elements required by the regulated frameworks our clients operate under.
  • Asset identification: Serial number, make, model, capacity, form factor, and media type for each item processed individually.
  • Sanitisation method: The specific NIST 800-88 category (Clear, Purge, or Destroy) and sub-method (cryptographic erase, degaussing, shredding, etc.).
  • Date and time: Exact date of destruction, or date range for batched operations.
  • Location: The physical facility where destruction was performed. For on-site destruction, this is the client's datacenter address and cage reference. This is directly relevant for data sovereignty compliance.
  • Responsible party: Name, title, and signature of the field engineer who performed or witnessed the destruction.
  • Chain of custody: For any assets that required transport, documented transfer records from client custody to destruction point, including seals, lock serial numbers, and timestamps.
  • Downstream disposition: Where physical fragments went after destruction (licensed metal recycler, hazardous waste facility, etc.).
  • Certification statement: A signed legal statement attesting to compliance with the stated standard and irrecoverability of data.
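
One way to check a batch of CoD entries against the asset inventory before an audit, using the media and method pairings from the media-specific section and the CoD elements listed above. This is an added example, not Reboot Monkey's tooling; the field names, record layout, method keywords and sample serials are assumptions constructed for illustration.

```python
"""Reconcile an asset inventory against Certificate of Destruction entries."""

LEVEL = {"Clear": 1, "Purge": 2, "Destroy": 3}

# Media type -> sub-method -> NIST 800-88 category, following the pairings
# stated on this page. Overwrite on flash is treated as Clear at most.
ACHIEVES = {
    "hdd": {"overwrite": "Clear", "degauss": "Purge", "shred": "Destroy"},
    "ssd": {"overwrite": "Clear", "crypto_erase": "Purge",
            "secure_erase": "Purge", "shred": "Destroy"},
    "tape": {"degauss": "Purge", "shred": "Destroy", "incinerate": "Destroy"},
    "optical": {"shred": "Destroy", "incinerate": "Destroy"},
    "usb": {"shred": "Destroy"},  # USB drives and memory cards
}
ACHIEVES["nvme"] = ACHIEVES["ssd"]  # same requirement as SSD

# Hypothetical field names for the CoD elements every asset needs.
REQUIRED_FIELDS = ("serial", "make", "model", "media_type", "category",
                   "sub_method", "date", "location", "engineer",
                   "signature", "statement")

def check_entry(asset, entry, required):
    """Return the issues found in one CoD entry for one inventoried asset."""
    issues = []
    missing = [f for f in REQUIRED_FIELDS if not entry.get(f)]
    if missing:
        issues.append("missing fields: " + ", ".join(missing))
    media, sub = asset["media_type"], entry.get("sub_method")
    if entry.get("media_type") not in (None, "", media):
        issues.append(f"media type differs from inventory ({media})")
    achieved = ACHIEVES.get(media, {}).get(sub)
    if achieved is None:  # e.g. degaussing recorded against an SSD
        issues.append(f"{sub} is not a recognised method for {media}")
        return issues
    claimed = entry.get("category")
    if LEVEL.get(claimed, 0) > LEVEL[achieved]:
        issues.append(f"claims {claimed} but {sub} achieves {achieved}")
    if LEVEL[achieved] < LEVEL[required]:
        issues.append(f"{achieved} is below required {required}")
    return issues

def audit(inventory, cod_entries, required="Purge"):
    """Trace every inventoried asset to a CoD entry; return (serial, issue)."""
    by_serial, findings = {}, []
    for e in cod_entries:
        by_serial.setdefault(e.get("serial"), []).append(e)
    for asset in inventory:
        entries = by_serial.pop(asset["serial"], [])
        if not entries:
            findings.append((asset["serial"], "no CoD entry"))
            continue
        if len(entries) > 1:
            findings.append((asset["serial"], "duplicate CoD entries"))
        findings += [(asset["serial"], i)
                     for i in check_entry(asset, entries[-1], required)]
    findings += [(s, "CoD entry not in inventory") for s in by_serial]
    return findings

def sample_entry(serial, media, sub, category, **override):
    """Build a constructed CoD entry; all values are illustrative."""
    base = {"serial": serial, "make": "ExampleCo", "model": "X1",
            "media_type": media, "category": category, "sub_method": sub,
            "date": "2026-01-15", "location": "Example DC, cage 12",
            "engineer": "A. Engineer", "signature": "signed",
            "statement": "Data irrecoverable per stated method."}
    base.update(override)
    return base

# Constructed sample data, not real assets.
INVENTORY = [{"serial": s, "media_type": m} for s, m in [
    ("SN-HDD-001", "hdd"), ("SN-SSD-002", "ssd"), ("SN-NVME-003", "nvme"),
    ("SN-TAPE-004", "tape"), ("SN-HDD-005", "hdd")]]
COD = [
    sample_entry("SN-HDD-001", "hdd", "degauss", "Purge"),
    sample_entry("SN-SSD-002", "ssd", "degauss", "Purge"),
    sample_entry("SN-NVME-003", "nvme", "overwrite", "Purge"),
    sample_entry("SN-TAPE-004", "tape", "shred", "Destroy", signature=""),
    sample_entry("SN-USB-999", "usb", "shred", "Destroy"),
]

if __name__ == "__main__":
    for serial, issue in audit(INVENTORY, COD):
        print(f"{serial}: {issue}")
```
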

R2 and e-Stewards: Understanding Partner Certifications

Clients frequently ask whether Reboot Monkey holds R2 (Responsible Recycling) or e-Stewards certification. Both are facility certifications awarded to ITAD (IT Asset Disposition) processing sites, not to service providers in the field. R2 v3.0 and e-Stewards v3.0 certify that an ITAD facility meets documented standards for data destruction, environmental compliance, worker safety, and responsible material recovery. They are held by the facilities that process and recycle hardware after destruction. Where Reboot Monkey arranges off-site physical destruction or hardware recycling as part of a broader decommissioning engagement, we coordinate with R2-certified and e-Stewards-certified ITAD partners. The Certificate of Destruction we issue references the partner facility and their certification status. This means our clients receive the benefit of the downstream compliance framework without needing to independently vet recycling partners.

Data Destruction as Part of the Decommissioning Lifecycle

Competitors in the data destruction market treat it as a standalone service. You call, they come, they destroy, they leave. Reboot Monkey delivers data destruction as a natural component of a broader operational workflow. A datacenter decommissioning project follows a defined lifecycle: inventory and planning, power-down sequencing, cable disconnection and labelling, rack stripping, data destruction, hardware recovery, and facility remediation. Reboot Monkey provides all of these services. Data destruction is the penultimate step before hardware leaves the facility, and it happens while our engineers are already on-site completing the broader project. This integration removes the scheduling friction of coordinating a separate destruction vendor during a decommissioning window. It eliminates the risk of drives being removed from racks and placed in uncontrolled storage before destruction. And it produces a single chain-of-custody document covering the entire process from inventory to CoD issuance. For clients running server migrations or hardware refresh cycles, the same logic applies. Reboot Monkey engineers performing the migration can simultaneously handle the destruction of decommissioned drives, with documentation running through the same project record.

Industries and Use Cases

Data destruction requirements are highest in sectors that handle sensitive personal, financial, or classified data at volume. Reboot Monkey works across all of these verticals.
  • Financial services: Banks, fintechs, and capital markets firms handling cardholder data (PCI DSS Requirement 9.4.6) and proprietary trading data. Regular hardware refresh cycles in trading infrastructure mean ongoing destruction requirements.
  • Healthcare and life sciences: Hospitals, health insurers, pharmaceutical companies, and research institutions handling electronic protected health information (ePHI) under HIPAA 45 CFR 164.310(d)(2)(i).
  • Technology and SaaS: Cloud providers and SaaS vendors undergoing SOC 2 Type II audits require documented asset disposal evidence across all hardware retired during the audit period.
  • Government and defence: Agencies and contractors with FISMA obligations, NIST 800-171, or ITAR requirements where destruction method selection and documentation requirements exceed civilian standards.
  • Telecommunications: Carriers retiring network infrastructure hardware across distributed sites where coordination and per-asset documentation at scale is operationally complex.
  • Enterprise IT departments: Any organisation running a multi-year hardware refresh cycle, datacenter consolidation, or facility exit requiring documented compliance with GDPR, ISO 27001, or internal information security policies.

How Reboot Monkey Delivers Secure Data Destruction

Our data destruction engagements follow a consistent process regardless of geography. The steps below reflect how a typical on-site engagement is structured. Scope and timing are confirmed in advance with the client.
  • Scope definition: Asset inventory provided by the client or produced by our engineers during an on-site audit. Includes media type, quantity, physical location within the facility, and any specific compliance requirements (HIPAA, PCI DSS, GDPR, etc.).
  • Method selection: Reboot Monkey engineers recommend the appropriate NIST 800-88 method for each asset type. SSDs and NVMe drives receive cryptographic erase or physical destruction. HDDs receive degaussing or shredding. Tape and optical media receive degaussing or physical destruction.
  • On-site execution: A Reboot Monkey field engineer is dispatched to the client's datacenter. Destruction occurs on-site. The client may request a witness be present for the process.
  • Documentation: Each asset is logged with serial number, media type, method applied, date, time, and location. For physical destruction, photographic documentation is available.
  • Certificate of Destruction issuance: A CoD covering all assets processed is produced on the same day, signed by the responsible field engineer, and delivered digitally to the client.
  • Hardware coordination: Where the client requires downstream hardware recycling or ITAD services, Reboot Monkey coordinates handoff to an R2 or e-Stewards certified partner with chain-of-custody documentation covering the transfer.

Pricing and Service Options

Reboot Monkey data destruction pricing reflects the on-site delivery model. There are no transport premiums, no minimum volume requirements for individual visits, and no lock-in contracts required for one-off engagements. Three billing structures are available.
  • Per-incident: A fixed fee for a single destruction engagement. Suitable for ad-hoc decommissioning events or one-off hardware retirement.
  • Block hours: Pre-purchased engineer hours, drawn down across multiple engagements. Suitable for organisations with quarterly or semi-annual hardware refresh cycles.
  • Monthly retainer: Bundled service with defined SLA response times. Suitable for large enterprises with ongoing, high-volume destruction requirements across multiple sites.

Why Reboot Monkey Instead of a Traditional Data Destruction Vendor

Traditional data destruction vendors are centralised operations. They excel at volume processing at fixed facilities. Reboot Monkey is a different type of organisation. We are a vendor-neutral third-party datacenter services provider operating inside other companies' datacenters. Physical presence at the client site is the product. This structural difference produces specific advantages for clients in colocation environments.
  • No transport risk: Media is destroyed where it sits. Chain of custody does not depend on sealed drums and shipping manifests.
  • Vendor neutrality: Reboot Monkey is not affiliated with any datacenter operator. We work in Equinix facilities, Digital Realty facilities, NTT facilities, and any independent carrier-neutral site. The client is not restricted to a preferred vendor list imposed by the facility.
  • Global consistency: A single provider, single contract, and single documentation format across all locations. Particularly relevant for multinational compliance programmes where audit teams need consistent CoD records.
  • Integrated lifecycle services: Data destruction bundled with rack-and-stack, server migration, smart hands, and datacenter decommissioning under one engagement. One project manager, one chain of custody, one set of records.
  • 24/7 NOC with 4-hour on-site SLA: For emergency destruction requirements, including breach response scenarios, Reboot Monkey can dispatch a field engineer within four hours at covered locations.
  • No minimum fleet: Reboot Monkey does not operate a fleet of shredding trucks that requires a minimum volume to justify dispatch. A single rack of servers is a valid engagement.

On-Site Data Destruction

Dedicated page covering our on-site destruction process, equipment, and witness options in detail.

IT Asset Disposition (ITAD)

End-to-end IT asset disposition including hardware recovery, R2-certified recycling coordination, and value recovery.

Datacenter ITAD

ITAD services scoped for full datacenter environments, including inventory, destruction, and asset recovery at scale.

Datacenter Decommissioning

Full-lifecycle decommissioning services from planning and power-down through data destruction, rack removal, and facility remediation.

Datacenter Decommissioning, United States

Decommissioning and data destruction services across major US datacenter hubs including Ashburn, New York, Dallas, Chicago, and Los Angeles.

Datacenter Decommissioning, United Kingdom

Decommissioning and data destruction services across UK datacenter facilities in London, Manchester, and other major hubs.

Datacenter Decommissioning, Germany

Decommissioning and data destruction services in Frankfurt, Berlin, and other German datacenter facilities. GDPR-aligned documentation.

Frequently Asked Questions

What is the difference between data destruction, data wiping, and data deletion?

Data deletion removes file system references but leaves the underlying data on the media and recoverable with standard tools. Data wiping applies overwrite patterns to user-addressable sectors, achieving NIST 800-88 Clear level. Data destruction encompasses both software-based sanitisation (Clear and Purge) and physical destruction (Destroy). For regulated data, Purge or Destroy is required. Wiping alone does not achieve Purge for SSDs or NVMe drives due to wear-leveling architecture.

What are the three NIST 800-88 methods and when should each be used?

NIST 800-88 Rev 1 defines Clear, Purge, and Destroy. Clear uses logical overwrite and is suitable only for non-regulated data being reused internally. Purge renders data irrecoverable under laboratory conditions, using degaussing for HDDs and tape, or cryptographic erase and Secure Erase commands for SSDs and NVMe drives. Purge satisfies HIPAA, GDPR, and PCI DSS media disposal requirements. Destroy physically disintegrates the media through shredding, pulverising, incineration, or melting. Destroy is used for the highest sensitivity data or where Purge verification is not possible.

Does degaussing work on SSDs and NVMe drives?

No. Degaussing disrupts magnetic domains on ferromagnetic media such as HDDs and magnetic tape. SSDs and NVMe drives store data on NAND flash chips, which contain no magnetic media. Applying a degausser to an SSD has no effect on the data. The correct Purge methods for SSDs are cryptographic erase (if the drive supports hardware encryption) or the manufacturer Secure Erase command. Physical shredding or disintegration achieves NIST Destroy.

What is a Certificate of Destruction and what must it contain?

A Certificate of Destruction (CoD) is a document issued by the destruction vendor that serves as legal evidence of compliance with data destruction obligations. It must include the serial number and description of each asset processed, the NIST 800-88 method applied, the date and time of destruction, the physical location where destruction occurred, the name and signature of the responsible engineer, and a certification statement attesting to the irrecoverability of the data. HIPAA requires CoD records be retained for a minimum of six years.

What does HIPAA require for data destruction?

HIPAA 45 CFR 164.310(d)(2)(i) requires covered entities and business associates to implement procedures to remove electronic PHI from media before disposal or reuse. HHS guidance references NIST 800-88 as a recognised standard. Purge or Destroy satisfies the requirement. The Certificate of Destruction is the required compliance evidence for OCR audits.

What does GDPR require for data destruction?

GDPR Article 17 gives data subjects the right to erasure. Article 5(1)(e) requires personal data not be retained longer than necessary. When hardware containing personal data is decommissioned, the data must be rendered permanently inaccessible. NIST 800-88 Purge or Destroy satisfies this obligation. The Certificate of Destruction, with asset identification and method documentation, is the evidence required by Data Protection Authorities. For organisations subject to data localisation requirements, in-country on-site destruction avoids potential issues with cross-border data transfer.

What does PCI DSS v4.0 require for data destruction?

PCI DSS v4.0 Requirement 9.4.6 requires that media containing cardholder data be destroyed using methods that render the data irrecoverable and that destruction methods are documented and verifiable. NIST 800-88 Purge and Destroy both satisfy this requirement. QSA assessors expect to see Certificate of Destruction records during PCI assessments.

Does Reboot Monkey hold R2 or e-Stewards certification?

R2 and e-Stewards are facility certifications awarded to ITAD processing sites, not to field service providers. Reboot Monkey is not an ITAD facility and does not hold these certifications. Where Reboot Monkey coordinates off-site hardware recycling as part of a decommissioning engagement, we route materials through R2-certified or e-Stewards-certified partner facilities. The Certificate of Destruction we issue references the partner facility and their certification status.

Can data destruction be performed on-site at a colocation facility?

Yes. Reboot Monkey field engineers work inside third-party colocation datacenters as a core service. We already provide remote hands, smart hands, rack-and-stack, and migration services at Equinix, Digital Realty, NTT, and independent carrier-neutral facilities globally. Data destruction is performed at the client's cage or suite, inside the facility, without removing media to an external location. A Certificate of Destruction is issued on the day.

How long does on-site data destruction take?

Duration depends on asset volume and the mix of destruction methods required. Cryptographic erase for encrypted SSDs is fast and can process many drives in an hour. Physical destruction operations scale with the volume of media. Reboot Monkey will provide a time estimate as part of scope confirmation. For large-scale decommissioning projects, destruction is staged across the decommissioning window and documented batch by batch.

What happens to the hardware after destruction?

Where physical destruction produces fragments (shredding, disintegration), the fragments are typically routed to a licensed metal recycler or hazardous waste facility. Where Purge methods are used and the hardware has residual value, the client may choose to recover the hardware for resale or responsible recycling through an R2 or e-Stewards certified ITAD partner. Reboot Monkey can coordinate this handoff as part of an ITAD engagement.

How does Reboot Monkey handle data destruction across multiple countries?

Reboot Monkey operates across 250+ cities in 190 countries. For multinational clients running global hardware refresh cycles or datacenter consolidations, we can coordinate destruction engagements across all locations under a single contract. Documentation follows a consistent format across all sites, producing a uniform audit trail. In-country destruction is available wherever local data sovereignty requirements prohibit cross-border data movement.
