Can You Securely Wipe and Reuse an SSD? (NIST 800-88r2 Guidelines)
For IT managers and system administrators, the question of whether to shred or reuse Solid State Drives (SSDs) is a common dilemma. Many organisations want to recover residual value from their decommissioned hardware, but fear that leaving the storage drive intact poses a security risk, while removing it severely limits the unit's resale market.
The short answer: Yes, you can safely wipe and reuse an SSD, provided you utilise a capability-led workflow rather than standard overwriting.
Why Standard Wiping Fails on SSDs In the past, wiping a hard drive was straightforward: you overwrote every sector with zeros. However, SSD architecture renders this approach ineffective.
-
The Flash Translation Layer (FTL): SSDs constantly remap data to different physical locations to extend the life of the drive (wear levelling). A standard wipe may leave significant percentages of data intact in physical pages the software cannot access.
-
Digital Remnants: Research confirms that without the correct firmware commands, SSDs can retain data even after multiple overwrite passes due to internal controller behaviour.
The TFix Verifiable Destruction Workflow
To securely reuse a drive, you must move beyond basic formatting. At TFix, our verifiable destruction workflow follows the NIST 800-88r2 framework and is tailored to the specific media type.
1. Certified Software & In-House Erasure
For standard drives, we utilise multi-pass overwriting and audited tools (such as Blancco or WhiteCanyon). This generates tamper-proof reports accepted under ISO, GDPR, NHS, and MOD regulations.
2. ATA Secure Erase (The Gold Standard for Reuse)
To overcome the FTL issue in SSDs, we execute firmware-level secure erase commands (such as built-in ATA or NVMe Sanitize). This instructs the drive’s own controller to flush all storage cells simultaneously, rendering data recovery impossible and leaving the drive fully functional for resale.
3. Verification & Auditing
Erasure is only as good as its verification. At TFix, our technicians perform forensic data recovery attempts on a 5% audit sample of all sanitised batches to guarantee zero data retrievability.
4. Physical Destruction
If an SSD is heavily degraded, damaged, or fails the software/firmware erasure process, it is immediately quarantined. We then execute physical destruction (shredding or crushing) to guarantee data elimination.
Maximising ROI Through Asset Recovery
Many businesses assume that certified data destruction is a sunk cost. In reality, securely sanitising SSDs rather than shredding them preserves the integrity of the laptop or server. Under the TFix Asset Recovery model, this significantly increases the hardware's secondary market value, allowing the resale profits to completely offset your WEEE collection and data destruction fees.
The TFix Verification Guarantee
Whether your media is erased or physically destroyed, TFix provides:
-
Serial-Level Traceability: Every asset is tracked from intake to completion via our portal.
-
Tamper-Proof Certification: Verifiable Certificates of Destruction or Erasure Reports are generated for every individual device.
-
Compliance Peace of Mind: Strict adherence to GDPR, ISO 27001, and NIST 800-88r2.
Ready to retire your hardware securely and sustainably?