1. Purpose
TFix Ltd is committed to providing secure, compliant, and certified data destruction services for all digital media entrusted to us. This policy sets out the methods we use, the certification process, and our compliance with applicable regulations to ensure complete, irreversible elimination of data.
2. Methods of Data Destruction
We use industry-recognised and approved methods to destroy data depending on media type and client requirements:
- Software erasure using certified tools such as Blancco, WhiteCanyon, and KillDisk.
- ATA Secure Erase for SSDs and supported devices.
- Multi-pass overwriting (meeting DoD and NIST standards).
- Physical shredding and crushing of hard drives, SSDs, tapes, and optical media when erasure is not possible or not required.
3. Certification and Reporting
- Each destruction process is fully documented.
- Clients receive a tamper-proof Certificate of Destruction or Certificate of Erasure Report for compliance purposes.
- Reports include serial numbers, asset details, and destruction method used.
- Certificates meet the requirements of GDPR, NHS Digital, MOD standards, and financial sector regulations.
4. Handling of Failed Erasures
- If software erasure fails or a device cannot be securely wiped, the drive or media is immediately destroyed physically through shredding or crushing.
- No device leaves TFix facilities with data remaining on it.
5. Compliance and Standards
Our processes comply with:
- UK GDPR and the Data Protection Act 2018.
- WEEE regulations for responsible recycling of destroyed hardware.
- NHS Digital data security and protection requirements.
- MOD and financial industry standards for secure data handling and destruction.
- ISO 27001 information security principles.
6. Security
- All data-bearing assets are handled in secure facilities with restricted access.
- Transport of assets is carried out in sealed containers using GPS-tracked vehicles.
- Chain of custody is documented from collection through to final destruction.
7. Client Assurance
By using TFix Ltd for data destruction, clients are assured that:
- All data is permanently and irreversibly destroyed.
- Documentation is provided for audit and compliance purposes.
- Any residual equipment is recycled responsibly in line with environmental regulations.