Skip to content

On-Site Data Destruction Services

By Reboot Monkey Team

Certified on-site data destruction inside your data centre. NIST 800-88 compliant. Physical destruction and secure erasure with chain-of-custody documentation.

Last updated: April 10, 2026

What On-Site Data Destruction Actually Means

On-site data destruction means a certified engineer arrives at your datacenter, works inside your cage or equipment room, and destroys your storage media without moving it out of the building. The destruction happens where the hardware lives. You or your designated staff can witness the entire process. Nothing is boxed, labelled for collection, loaded onto a truck, or taken to a third-party facility. The media stays in your custody at all times until the moment of destruction, and the resulting fragments remain on-site for you to manage under your own recycling or disposal program. This model is fundamentally different from the standard ITAD and e-waste recycling model. In the standard model, a vendor collects your drives, transports them to a processing facility, performs destruction hours or days later, and issues a certificate after the fact. Every step in that chain introduces risk: a labelling error, a misdirected shipment, a gap between collection and destruction, or an unwitnessed process. For organisations operating under GDPR Article 32, HIPAA 45 CFR 164.310(d)(2)(i), PCI DSS v4.0 Requirement 9.4.2, or US federal requirements under NIST SP 800-88, each of those gaps can constitute a reportable incident. Reboot Monkey eliminates the chain entirely. There is no collection event, no transport leg, and no third-party facility to audit. The destruction happens in your building, observed by your staff, documented in real time, and certified the same day.
  • Engineer arrives at your datacenter facility, not at a truck or drop-off point
  • Destruction occurs inside your equipment room with your staff present
  • Media never leaves your building during the service
  • Certificate of Destruction issued per asset on the same day
  • No transport liability, no custody gap, no delayed documentation

NIST SP 800-88 Rev 1: Clear, Purge, and Destroy

NIST Special Publication 800-88 Revision 1 (Guidelines for Media Sanitization) defines three sanitization categories that apply to all storage media types. Understanding which method applies to your hardware is critical for compliance audits. Clear applies logical techniques using standard read/write commands to overwrite all accessible storage locations. It is effective for HDDs in low-sensitivity decommissioning scenarios such as internal repurposing or donation to non-regulated parties. It is not effective for SSDs or NVMe drives because the device firmware controls which cells are written to, meaning overwrite commands cannot guarantee full coverage of all NAND cells including those marked bad or reserved by the wear-levelling algorithm. Purge uses more robust techniques such as Cryptographic Erase (CE), where the encryption key is destroyed and the data becomes permanently inaccessible without any need to overwrite cells individually. For self-encrypting drives (SEDs), this is the recommended NIST-compliant method. Purge is the standard method for HDDs using ATA Secure Erase or Sanitize commands, and for SEDs using crypto-erase. Degaussing is listed as a Purge-level technique for magnetic HDDs and tape media only. Degaussing is not effective on SSDs, NVMe drives, or any flash-based storage because these devices do not rely on magnetic encoding. Destroy renders the device physically unusable by shredding, disintegrating, pulverising, or crushing. For SSDs and NVMe drives, physical destruction is the NIST-recommended path when Cryptographic Erase is not available or cannot be verified. Reboot Monkey engineers apply physical destruction to solid-state media via shredding or drilling to prevent NAND chip recovery, and apply degaussing followed by physical destruction for HDDs requiring the highest assurance level. Every asset receives a documented method in the Certificate of Destruction, including the specific NIST sanitization category applied.
  • Clear: effective for HDDs in low-sensitivity scenarios, not for SSD or NVMe
  • Purge: Cryptographic Erase for SSDs and SEDs, degaussing for HDDs and tape only
  • Destroy: physical shredding or drilling for SSDs, NVMe, and highest-assurance HDD requirements
  • Degaussing is NOT effective on any flash-based media including SSD and NVMe
  • Method per asset documented in the Certificate of Destruction with NIST category reference

What Media Types Reboot Monkey Destroys On-Site

Reboot Monkey engineers handle the full range of storage media found in enterprise datacenter environments. Each asset type requires a specific destruction method aligned to NIST SP 800-88 Rev 1 and applicable compliance frameworks. Hard disk drives (HDDs) in 3.5-inch and 2.5-inch form factors, covering PATA, SATA, and SAS interface variants, are sanitized by degaussing using a certified degausser and then physically destroyed. Degaussing alone does not render a working HDD certifiably unreadable by NSA standards, so physical destruction follows. Solid state drives (SSDs) in SATA and NVMe (M.2) form factors are destroyed by physical shredding or drilling. Because degaussing has no effect on NAND flash cells, physical destruction is the only method that can provide compliance-grade assurance for SSDs. Engineers verify the drive is non-self-encrypting before applying destruction; for SEDs, Cryptographic Erase is applied first, followed by physical destruction for highest-assurance requirements. Tape cartridges (LTO-7, LTO-8, LTO-9) are sanitized by degaussing and physical destruction. Tape media retains data through magnetic encoding, making degaussing effective, but physical destruction is applied as a secondary measure for regulated environments. Server flash modules, embedded storage in network appliances (SmartNICs, ASICs with onboard storage), and optical media containing sensitive data are handled on a scoped basis confirmed at engagement start. Memory modules containing residual data in power-fail scenarios are also in scope on request. All asset types are documented by serial number, rack location (facility name, cage ID, rack ID, U position), pre-destruction photograph (serial number visible), destruction method, and post-destruction photograph before the Certificate of Destruction is issued.
  • HDDs (SATA, SAS, PATA): degaussing then physical destruction
  • SSDs and NVMe: physical shredding or drilling (degaussing not effective)
  • Tape (LTO-7/8/9): degaussing then physical destruction
  • Server flash modules and embedded storage: scoped at engagement start
  • All assets documented by serial number with pre- and post-destruction photographs

Certificate of Destruction: What It Contains and Why It Matters

The Certificate of Destruction (CoD) is the primary legal document proving that destruction occurred. It is issued per asset on the day of destruction, not after a batch processing cycle. This timing is material for audits: a CoD dated the same day as your decommissioning event closes the compliance window immediately. A CoD issued 48 or 72 hours after collection does not. Each Reboot Monkey CoD contains: the facility name and physical address, cage or rack identifier and U position, asset type and form factor, serial number as-found on the device, destruction method applied with NIST SP 800-88 Rev 1 category referenced, engineer name and credential identifier, facility access timestamp and destruction timestamp, pre-destruction photograph (serial number and physical state visible), post-destruction photograph (destroyed state visible), client witness name and signature if witness attestation was requested, and the Reboot Monkey service engagement reference number. This document set satisfies the audit requirements of GDPR Article 5(1)(f) (integrity and confidentiality), HIPAA 45 CFR 164.310(d)(2)(i) (procedures for disposal of electronic protected health information), PCI DSS v4.0 Requirement 9.4.2 (confirm media is destroyed when no longer needed), ISO 27001:2022 Annex A 7.14 (secure disposal or reuse of equipment), and SOC 2 Common Criteria CC6.5 (system component disposal). CoDs are delivered in PDF format to the client contact on the same day. Reboot Monkey retains copies for audit purposes. Clients who require certified notarisation or chain-of-custody ledger integration should raise this at engagement scoping.
  • Issued per asset on the same day of destruction, not after batch processing
  • Contains serial number, facility location, destruction method, NIST category, timestamps, and photographs
  • Satisfies GDPR Article 5(1)(f), HIPAA 164.310(d)(2)(i), PCI DSS v4.0 Req 9.4.2, ISO 27001 A.7.14
  • Witness attestation available: client staff can sign the CoD at point of destruction
  • PDF delivered to client on the same day; Reboot Monkey retains copies for audit

GDPR, HIPAA, and PCI DSS: How On-Site Destruction Satisfies Compliance Requirements

Three regulatory frameworks drive the majority of on-site destruction engagements in enterprise datacenter environments. Each has specific technical and procedural requirements that the on-site model satisfies more directly than the transport-and-process model. GDPR Article 17 (right to erasure) and Article 32 (security of processing) together require that personal data is rendered permanently inaccessible when the retention basis no longer applies, and that organisations implement technical measures to ensure ongoing confidentiality and integrity of processing systems. For decommissioned hardware that holds personal data, on-site physical destruction with a contemporaneous CoD constitutes the most defensible evidence of compliance under GDPR Recital 65 and the European Data Protection Board guidance on data subject rights. Off-site transport introduces a period during which personal data is in transit and technically accessible to the carrier, which complicates the Article 32 risk analysis. HIPAA 45 CFR 164.310(d)(2)(i) requires covered entities and business associates to implement policies and procedures to address the final disposition of electronic protected health information (ePHI) and the hardware or electronic media on which it is stored. The required element is a procedure that ensures ePHI is rendered unreadable, indecipherable, and unable to be reconstructed. On-site physical destruction with same-day documentation satisfies this requirement. Reboot Monkey issues the CoD directly to the covered entity contact, creating the contemporaneous record required for HIPAA audit defence. PCI DSS v4.0 Requirement 9.4.2 mandates that when hard-copy or electronic media containing cardholder data is no longer needed for business or legal reasons, it must be destroyed so that cardholder data cannot be reconstructed. Requirement 9.4.3 requires a log of media destroyed to be maintained. The Reboot Monkey CoD per asset satisfies both requirements simultaneously. DORA (EU Regulation 2022/2554), which came into enforcement for EU financial institutions in January 2025, requires that ICT asset management procedures include secure disposal of information assets. On-site destruction with documented chain of custody is directly aligned to DORA Article 8 requirements for ICT risk management frameworks.
  • GDPR Article 32: on-site destruction eliminates transport-phase data exposure risk
  • HIPAA 164.310(d)(2)(i): same-day CoD per asset satisfies ePHI disposal documentation requirement
  • PCI DSS v4.0 Req 9.4.2 and 9.4.3: CoD per asset constitutes the required destruction log
  • DORA Article 8: ICT asset disposal documentation aligned to January 2025 enforcement
  • ISO 27001:2022 A.7.14 and SOC 2 CC6.5 satisfied by same-day CoD with photographic evidence

On-Site vs. Off-Site: Where the Risk Difference Lives

The difference between on-site and off-site destruction is not a matter of preference. It is a matter of where custody of the media resides during each phase of the process, and who bears legal liability if something goes wrong. In the off-site model, your media enters a collection event, is labelled, packaged, loaded onto a vehicle, transported to a processing facility, queued for processing, destroyed, and then documented. Each of those steps involves a handover or a gap. Collection labels can be confused. Vehicles can be involved in accidents. Processing facilities can be breached. The destruction queue can run over days. The documentation is retrospective. In the Reboot Monkey on-site model, your media is identified by serial number in your rack, photographed, destroyed in front of you or your designated representative, and documented on the spot. There is no collection event, no transport leg, no processing queue, and no facility other than your own. The CoD is issued the same day. The only gap in custody is the moment between your engineer lifting the drive from the rack and destroying it, which is observed and photographed. For organisations that carry cyber insurance, this distinction is increasingly material. Insurers are beginning to require documentation of the destruction method and chain of custody as a condition of cover for data destruction claims. An on-site model with same-day CoD and photographic evidence provides a stronger audit record than a retrospective certificate issued after batch processing at a third-party site. For colocation tenants specifically, the on-site model removes a further complication: the colocation facility's own security policies typically restrict what can be carried out of the building without documented authorisation. On-site destruction means you never need to apply for media export authorisation, because nothing leaves.
  • Off-site model: multiple handover points, transport gaps, retrospective documentation
  • On-site model: no collection event, no transport leg, same-day CoD, observed by your staff
  • Cyber insurance requirements increasingly favour on-site models with same-day evidence
  • Colocation facility security policies: on-site destruction removes media export authorisation requirements
  • Legal liability stays with you throughout the off-site chain; on-site eliminates that exposure

SSD and NVMe Destruction: Why Degaussing Fails and What Works

A persistent misconception in enterprise IT is that SSDs and NVMe drives can be sanitized by degaussing in the same way as magnetic HDDs. They cannot. This matters because acting on this misconception can produce a CoD for an asset that still contains recoverable data, which constitutes a compliance failure regardless of the certificate's existence. HDDs store data by encoding magnetic fields onto spinning platters. Degaussing exposes the drive to a strong alternating magnetic field that randomises the magnetic domains on the platters, destroying the data encoding. The process is well-understood, mature, and produces drives that are certifiably unreadable. SSDs and NVMe drives store data in NAND flash cells, which retain charge states rather than magnetic fields. Magnetic fields have no effect on the charge states in NAND cells. A degaussed SSD will in most cases still power on, still present its stored data to a connected host, and still be fully readable. In some designs, the degaussing field may disable the controller circuit, but the NAND chips themselves remain intact and readable by any off-the-shelf chip reader. NIST SP 800-88 Rev 1 specifically identifies this limitation. For SSDs without a hardware encryption capability, the only NIST-compliant sanitization methods are Cryptographic Erase (if the drive supports hardware encryption and the key can be verified as destroyed) or physical destruction. Physical destruction means shredding the NAND chips to a particle size that precludes data recovery. Reboot Monkey engineers apply drilling or shredding to SSDs and NVMe drives, document the method in the CoD, and photograph the destroyed state to provide evidence of chip-level destruction. Any vendor offering to degauss SSDs as a primary destruction method is not applying NIST SP 800-88 correctly. Ask for the specific NIST method referenced in their CoD before engaging.
  • Degaussing is effective only on magnetic HDDs and tape, not on SSDs or NVMe
  • NAND flash cells store charge states, not magnetic fields: degaussing leaves data intact
  • A degaussed SSD is frequently still bootable and fully readable
  • NIST SP 800-88 Rev 1 specifies Cryptographic Erase or physical destruction for SSDs
  • Reboot Monkey applies drilling or shredding to SSD and NVMe with photographic evidence of chip-level destruction

Global Coverage: Destruction at Any Datacenter in 250+ Cities

Reboot Monkey operates across more than 250 cities in 190 countries. This matters for on-site data destruction because the service requires a trained engineer to be physically present at your datacenter facility on the day of destruction. If your hardware is distributed across multiple sites in different countries, you need a provider who can reach each site without exception. The geographic scope covers the primary datacenter hubs where enterprise equipment is concentrated: Frankfurt, Amsterdam, London, Paris, and Dublin in Europe; New York, Ashburn, Dallas, Los Angeles, Chicago, and Miami in North America; Singapore, Tokyo, Hong Kong, Sydney, and Mumbai in Asia Pacific; Johannesburg, Lagos, Nairobi, and Cairo in Africa; and Sรฃo Paulo and Buenos Aires in South America. The list does not stop at major hubs. Reboot Monkey operates in secondary and tertiary markets where enterprise colocation facilities exist, including markets where no large ITAD vendor maintains a local presence. For multinational enterprises with decommissioning programmes running across regions simultaneously, Reboot Monkey coordinates engineer dispatch across all sites under a single engagement. Each site receives its own CoD documentation set, and consolidated reporting is available for compliance teams managing a multi-region audit. The service is vendor-neutral. Reboot Monkey engineers work inside Equinix, Digital Realty, NTT, CyrusOne, NEXTDC, Interxion, Colt DCD, Corelink, atNorth, and independent carrier-neutral facilities globally. There is no facility exclusivity. If your hardware is in a datacenter that is accessible to Reboot Monkey under standard vendor access protocols, Reboot Monkey can perform destruction there.
  • Available in 250+ cities across 190 countries including all major DC hub markets
  • EMEA: Frankfurt, Amsterdam, London, Paris, Dublin and 70+ additional cities
  • Americas: Ashburn, New York, Dallas, Los Angeles, Sรฃo Paulo and 60+ additional cities
  • APAC: Singapore, Tokyo, Hong Kong, Sydney, Mumbai and 50+ additional cities
  • Africa: Johannesburg, Lagos, Nairobi, Cairo and growing coverage across the continent
  • Vendor-neutral: works inside Equinix, Digital Realty, NTT, NEXTDC, atNorth, and independent facilities

The Reboot Monkey On-Site Destruction Process: Step by Step

Understanding what happens during an engagement removes uncertainty for compliance officers and procurement teams who need to verify the process before contracting. Step 1: Scoping. The client provides an asset list with facility name, cage or rack ID, approximate U positions, and drive types. Reboot Monkey confirms engineer availability and issues an engagement confirmation with the scheduled date and expected arrival window. The scope includes whether witness attestation will be requested and whether Cryptographic Erase should be attempted before physical destruction for qualifying SEDs. Step 2: Facility access. The engineer arrives at the facility's security desk, checks in under the client's pre-authorised visitor access or standard vendor access protocols, and proceeds to the designated cage or suite. Facility access timestamp is recorded. Step 3: Pre-destruction inventory. The engineer photographs each asset in situ, capturing the serial number label and the rack position. The asset list is cross-checked against the physical count. Any discrepancies are noted and escalated to the client contact before destruction begins. Step 4: Destruction. Each drive is removed from the server or storage array and destroyed using the method appropriate for its media type: degaussing then physical destruction for HDDs, physical shredding or drilling for SSDs and NVMe, degaussing then physical destruction for tape. Post-destruction photographs are taken of each asset showing destroyed state. Step 5: Documentation and sign-off. The engineer compiles the asset-level records, captures the client witness signature if requested, and issues the Certificate of Destruction in PDF format before leaving the facility. The client contact receives the CoD the same day. Step 6: Post-service report. Reboot Monkey provides a consolidated service report covering all assets destroyed, methods applied, timestamps, engineer credentials, and facility details. This report is formatted for direct attachment to compliance audit files.
  • Scoping: asset list, facility details, witness requirements confirmed before dispatch
  • Facility access: engineer checks in under pre-authorised vendor access; timestamp recorded
  • Pre-destruction inventory: serial number photographs and asset count cross-check before any destruction begins
  • Destruction: method matched to media type per NIST SP 800-88 Rev 1
  • Same-day CoD: issued before the engineer leaves the facility
  • Post-service report: consolidated documentation formatted for compliance audit files

Partner Certifications and the Chain-of-Custody Framework

Reboot Monkey's on-site destruction service operates within a chain-of-custody framework designed to meet the documentation requirements of regulated industries. The engineer who performs the destruction is identifiable by name and credential number in the CoD. The facility entry and exit timestamps create a verifiable time window. The pre- and post-destruction photographs create visual evidence that the specific serialised asset was destroyed. For clients operating in regulated sectors, the downstream handling of destroyed media is also subject to compliance requirements. Reboot Monkey works with partner facilities holding R2 (Responsible Recycling) and e-Stewards certifications for the processing of destroyed media and e-waste. R2 and e-Stewards are certification standards held by the partner recycling facilities, not by Reboot Monkey directly. When clients ask whether downstream processing is covered by certified partners, the answer is yes, but the certification bodies are R2 and e-Stewards auditing the recycling facility, not Reboot Monkey. This distinction matters for compliance records: the Reboot Monkey CoD covers the destruction event; the recycling partner's documentation covers downstream processing. Clients who need to demonstrate end-to-end chain of custody from destruction through disposal can request the combined documentation package at engagement scoping. This package includes the Reboot Monkey CoD set and the partner facility's e-waste processing records. For ISO 27001 audits, the combined package satisfies Annex A 7.14 (secure disposal or reuse of equipment) across both the destruction event and downstream handling. For SOC 2 Type II engagements, the CoD and photographic evidence set satisfies CC6.5 (logical and physical access controls for system component disposal).
  • Engineer identifiable by name and credential number in every CoD
  • Facility entry and exit timestamps create verifiable time window for audit
  • Downstream partner facilities hold R2 and e-Stewards certifications (partner certs, not Reboot Monkey's own)
  • Combined documentation package available: CoD plus partner recycling records
  • ISO 27001 A.7.14 and SOC 2 CC6.5 satisfied by combined documentation set

HDD Destruction

3.5-inch and 2.5-inch hard disk drives (SATA, SAS, PATA). Degaussing followed by physical destruction. NIST SP 800-88 Purge and Destroy methods. Same-day CoD per asset.

SSD and NVMe Destruction

SATA SSD and NVMe M.2 drives. Physical shredding or drilling to prevent NAND chip recovery. Cryptographic Erase applied first for qualifying SEDs. NIST SP 800-88 Destroy method. Same-day CoD per asset.

Tape Media Destruction

LTO-7, LTO-8, and LTO-9 tape cartridges. Degaussing followed by physical destruction. NIST SP 800-88 Purge and Destroy methods.

Server Flash and Embedded Storage

Flash modules, SmartNICs with onboard storage, and other embedded storage components. Scope confirmed at engagement start. Physical destruction with photographic evidence.

Witness Attestation

Client staff or designated representative can witness the full destruction process. Client signature captured on the CoD at point of destruction.

Same-Day Certificate of Destruction

Asset-level CoD issued in PDF format before the engineer leaves the facility. Contains serial numbers, facility details, destruction method, NIST category, timestamps, and pre- and post-destruction photographs.

Post-Service Compliance Report

Consolidated report covering all assets, methods, engineer credentials, and timestamps. Formatted for direct attachment to GDPR, HIPAA, PCI DSS, ISO 27001, or SOC 2 audit files.

On-Site Data Destruction: Common Questions

What is on-site data destruction and how does it differ from standard ITAD services?

On-site data destruction means a Reboot Monkey engineer travels to your datacenter and destroys your storage media inside your equipment room, without removing it from the building. Standard ITAD services collect your drives, transport them to a processing facility, destroy them later, and issue a certificate after the fact. The on-site model eliminates the transport leg and the custody gap between collection and destruction. The Certificate of Destruction is issued the same day, at the facility where your hardware lives.

Which NIST SP 800-88 sanitization methods does Reboot Monkey apply?

Reboot Monkey applies all three NIST SP 800-88 Rev 1 sanitization categories based on media type and client requirements. Clear (logical overwrite) is used for low-sensitivity HDD repurposing scenarios. Purge (degaussing or Cryptographic Erase) is applied to HDDs and self-encrypting drives. Destroy (physical shredding or drilling) is applied to SSDs, NVMe drives, and any media requiring the highest assurance level. The specific method and NIST category are documented per asset in the Certificate of Destruction. NIST grade levels and three-pass overwrite methods are not part of the NIST 800-88 framework and are not referenced in Reboot Monkey documentation.

Why can't SSDs be destroyed by degaussing?

SSDs and NVMe drives store data as charge states in NAND flash cells. Magnetic fields have no effect on charge states. A degaussed SSD will in most cases still power on and present all stored data to a connected host. The controller circuit may be damaged by the magnetic field in some designs, but the NAND chips themselves remain intact and fully readable using a chip-off recovery approach. NIST SP 800-88 Rev 1 explicitly identifies degaussing as ineffective for flash-based media. For SSDs without hardware encryption, physical destruction is the only NIST-compliant sanitization method.

How does the same-day Certificate of Destruction work?

The engineer photographs each asset before destruction (serial number and rack position visible), destroys it using the method appropriate for the media type, photographs the destroyed state, and compiles the CoD documentation on-site before leaving the facility. The CoD is delivered in PDF format to the client contact on the day of service. It contains asset serial numbers, facility name and address, rack location, destruction method, NIST SP 800-88 category, engineer name, timestamps, and pre- and post-destruction photographs. Client witness signature is included if witness attestation was requested.

How does on-site destruction satisfy GDPR Article 32 requirements?

GDPR Article 32 requires organisations to implement appropriate technical measures to ensure the ongoing confidentiality and integrity of personal data. For decommissioned hardware containing personal data, on-site physical destruction with contemporaneous documentation is the most defensible technical measure available. The on-site model eliminates the transport-phase risk that the off-site model introduces: personal data on a drive in transit is, technically, data in processing without the full security controls of a fixed facility. The same-day CoD per asset closes the compliance window on the day of decommissioning and provides the evidence record required for Article 5(1)(f) accountability obligations.

What does HIPAA require for data destruction, and how does Reboot Monkey comply?

HIPAA 45 CFR 164.310(d)(2)(i) requires covered entities and business associates to implement policies and procedures for the final disposition of electronic protected health information (ePHI) and the hardware on which it is stored. The standard requires that ePHI is rendered unreadable, indecipherable, and unable to be reconstructed. Reboot Monkey applies NIST SP 800-88 Destroy methods (physical destruction) to storage media containing ePHI, issues a same-day CoD per asset, and delivers the documentation directly to the covered entity contact. The CoD constitutes the contemporaneous disposal record required for HIPAA audit defence.

Does Reboot Monkey work inside any datacenter, or only specific facilities?

Reboot Monkey works inside any datacenter accessible under standard vendor access protocols. This includes Equinix facilities globally, Digital Realty and Interxion sites, NTT datacenters, NEXTDC in Australia, atNorth in the Nordics, CyrusOne, Colt DCD, Corelink, and thousands of independent carrier-neutral facilities worldwide. There is no facility exclusivity or preferred-partner restriction. If your hardware is in a facility that allows third-party engineer access (which all major colocation operators do), Reboot Monkey can perform destruction there.

Can our staff witness the destruction process?

Yes. Witness attestation is available and recommended for regulated industries. Your designated representative or internal IT staff can be present throughout the destruction process, from the pre-destruction inventory and serial number check through each destruction event. At the end of the service, your representative signs the Certificate of Destruction, creating a witnessed record. This is documented in the CoD as a named witness signature alongside the engineer's credentials.

What is the difference between R2 and e-Stewards certifications, and does Reboot Monkey hold them?

R2 (Responsible Recycling) and e-Stewards are certification standards for electronics recycling and IT asset disposition facilities. They cover downstream processing of materials after destruction, including responsible handling of hazardous materials, data security in the disposition process, and export compliance for electronic waste. These certifications are held by the partner recycling facilities that Reboot Monkey works with for downstream handling of destroyed media, not by Reboot Monkey directly. Reboot Monkey covers the destruction event and chain-of-custody documentation. Clients who need combined documentation covering both the destruction event and downstream processing can request the consolidated package at engagement scoping.

How quickly can Reboot Monkey schedule on-site destruction?

Standard scheduling is subject to engineer availability in the target city, typically within 1 to 5 business days for planned engagements. For urgent requirements such as breach response or compliance deadline scenarios, Reboot Monkey's 24/7 NOC supports a 4-hour on-site SLA for P1 escalations in cities where engineers are deployed. Contact the team with your facility details and asset scope to confirm availability in your location.

Request a Quote