GDPR – General Data Protection Regulation – “The EU says GDPR was designed to “harmonize” data privacy laws across all its members’ countries as well as providing greater protection and rights to individuals. GDPR was also created to alter how businesses and other organizations can handle the information of those that interact with them.”
HIPAA – Health Insurance Portability and Accountability Act – “The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form.”
ISO 27000 – “ISO/IEC is widely known, providing requirements for an information security management system, though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information trusted to third parties.”
PCI DSS – Payment Card Industry Data Security Standard – A standard created by the the payment card companies to enforce secure data management of consumer card information.
SOx – Sarbanes Oxley – The Sarbanes-Oxley Act of 2002 was created as a way to protect shareholders and the general public by mandating transparency of a companies’ financial disclosures.
GLBA – Gramm-Leach-Bliley Act – “requires financial institutions, companies that offer consumer products or services like loans, financial or investment advice, or insurance, to explain their information-sharing practices to their customers and to safeguard sensitive data.”
NYDFS – New York Cybersecurity Requirements for Financial Services Companies – “The NYDFS Cybersecurity Regulations (23 NYCRR 500) is a new set of regulations from the NY Department of Financial Services (NYDFS) that places new cybersecurity requirements on all covered financial institutions.” These regulations acknowledge the ever-growing threat posed to financial systems by cybercriminals and are designed to ensure businesses effectively protect their customers’ confidential information from cyber attacks.
R2:2013 – “The R2:2013 Standard establishes responsible recycling (“R2″) practices for the recycling of electronics globally. By certifying to this Standard through and accredited third-party Certification Body, electronics recyclers can help prospective purchasers of their services (customers) make informed decision and have increased confidence that used and end-of-life electronic equipment are managed in an environmentally responsible manner, protective of the health and safety of workers and the publicm and that all data on all media devices is secure until destroyed. Thus, certification to R2:2013 allows electronics recyclers to highlight their value to customers, employees, their community and the public.”
NIST 800.171 – Is a security framework published by the National Institute for Standards and Technology to standardize how federal agencies define controlled unclassified information (CUI). The purpose of the guidelines is to “ensure that sensitive federal information remains confidential when stored in nonfederal information systems and organizations.
In addition the above, our data sanitization solutions are customizable to remove data in adherence with all the below standards or guidelines.
• NIST 800-88 – One overwrite pass, SecureErase, and one verification pass
• DoD 5220.22-M – three overwrites with one verification (0’s, 1’s, Random)
• The Fair and Accurate Credit Transactions Act of 2003 (FACTA) – Requires that any financial institutions properly dispose of data that contains consumer information.
• CSEC ITSG-06 – Three overwrite passes (1 or 0, it’s complement, Random)
• Personal Information Protection and Electronic Documents Act (PIPEDA) – Irreversibly destroy the media, including copies and backups.
• EU data protection directive of 1995 – Any data “by which an individual can be identified” is the sole responsibility of the controller. Anyone who touches or has access to your data, wherever they are based, is responsible in the case of a data breach.
• HMG-CESG CPA SC v2-1 – Three overwrite passes (1’s, 0s, Random)
California Senate Bill 1386 – A Californian law requiring businesses that owns or licenses computerized ‘personal information’ to disclose any breach of security.
• Standard Single Pass – One overwrite (0’s)
• HMG IS5 Baseline – One overwrite with verification (0’s)
• HMG IS5 Enhanced – Three overwrite passes with verification (0’s, 1’s, Random)
• Canadian OPS-II – Seven overwrite passes with verification
• Canadian CSEC ITSG-06 – Three overwrite passes with verification
• US Army AR380-19 – Three overwrite passes with verification
• US AFSSI 5020 – Three overwrite passes with verification
• US AFSSI 8580 – Eighteen overwrite passes
• German VSITR – Seven overwrite passes with verification
• NAVSO P-5239-26 – Three overwrite passes with verification
• NCSC-TG-025 – Three overwrite passes with verification
• Russian GOST P50739-95 version 2 – One overwrite pass (Random)
• Australian DSD ACSI-33 (XO-PD) – Three overwrite passes with two verification passes
• Secure Erase – 1 overwrite with verification
• NNSA NAP 15.1-C – Two overwrite passes with verification (0’s and 1’s)
• BSI-2011-VS – Two overwrite passes with two verification passes
• Peter Gurmann – 35 overwrite passes (4 random, 27 complex, 4 random)