Controller-level secure erase (Purge), logical sanitisation (Clear), or certified physical destruction (Destroy) for enterprise IT assets, aligned with NIST SP 800-88 Rev.2 and NCSC guidance.
Per Chain-Of-Custody ID, 5% of sanitised data-bearing devices are sampled for forensic recovery attempts using professional tooling. Any failure triggers immediate containment and remediation.
Last reviewed: 11 July 2026

No marketing fog. Here is exactly what happens to your data-bearing media and the evidence you receive.
Booked collection slots and a named point of contact. On-site or off-site destruction planned around your access windows — no drives left in limbo.
Every device is processed to NIST SP 800-88 Rev.2 or physically destroyed, aligned with GDPR and current NCSC secure sanitisation guidance. One Certificate of Destruction (CoD) per Chain-Of-Custody order, with all devices and methods, plus full chain-of-custody traceability.
Drives and devices that pass verification and retain resale value can be recovered, with a transparent value share back to you. See asset recovery & buyback.
Every device is logged by serial number, transported under chain of custody by our Environment Agency registered carrier, and processed at our licensed UK facility in Mitcham — never sold on to an untracked offshore broker. Any device that fails sanitisation or verification is diverted to controlled physical destruction. For the full enterprise workflow, see what actually happens to your servers.
We lead with paperwork, not promises. Every registration below is independently checkable, and every project is delivered against recognised UK standards.
| Credential | Reference | Issued / recognised by | What it proves |
|---|---|---|---|
| Waste Carrier Registration | CBDU351026 | Environment Agency | Legal authority to transport and carry controlled waste and end-of-life IT across the UK. |
| WEEE Treatment Exemption (T11) | EXP/UP3043JD | Environment Agency | Authorised to treat waste electrical and electronic equipment for reuse and recycling. |
| ICO Data Protection Registration | ZB787416 | Information Commissioner's Office | Registered to process personal data in line with UK GDPR and the Data Protection Act 2018. |
| Cyber Essentials | Certified | IASME (NCSC scheme) | Independently verified baseline cyber-security controls protecting your data while in our custody. |
| ADR 1.3 Dangerous Goods Awareness (Driver Training) | Certified | EcoStar (Dangerous Goods Training Online) | Collection drivers are trained to handle and transport equipment containing lithium batteries (UN3481, Class 9) in line with ADR dangerous goods rules. |
Standards we work to
We can supply our registrations, insurance certificates, and sample destruction outputs as part of your supplier due diligence.
Deleting or formatting isn’t enough—data can often be recovered using simple tools.
UK businesses lose on average £3M+ per breach from compromised end-of-life devices.
GDPR and sector-specific regulations demand verifiable, certified data destruction.
We classify each asset by device type, apply the correct erasure tier, verify outcomes through forensic sampling, and issue one Certificate of Destruction (CoD) per Chain-Of-Custody order.
Tier 1: On-device verified sanitisation
Tier 2: Controlled lab sanitisation
Tier 3: High-assurance specialist sanitisation
Select 5% of sanitised devices per Chain-Of-Custody ID.
Attempt data recovery using professional tooling.
Record assessment outcomes for audit evidence.
After processing and verification, we issue One Certificate of Destruction (CoD) per Chain-Of-Custody order.
Your CoD includes all devices, serial numbers, and applied methods in a single audit-ready document.
Every asset follows a capability-led process aligned with NIST SP 800-88 Rev.2, from intake to final certification.
Assets recorded for serial-level traceability.
Firmware & FTL analysis determines sanitisation method.
NIST SP 800-88 Rev.2 compliant erasure or physical destruction.
Forensic recovery on a 5% audit sample to validate success.
One Certificate of Destruction (CoD) per Chain-Of-Custody order, listing all devices and methods.
Meets GDPR and ISO 27001 standards. Reports archived for our 18-year business history.
We erase or physically destroy all common forms of digital media. Nothing leaves your organisation in a recoverable state.
Complete erasure or shredding of all spinning and solid-state drives.
Secure destruction of legacy LTO and DAT backup media.
Shredding and disposal of CDs, DVDs, and Blu-ray discs.
Certified erasure or destruction of smartphones and tablets.
Every erasure and destruction process is fully documented and issued as One Certificate of Destruction (CoD) per Chain-Of-Custody order, with secure archive retention.
Flash-based solid-state drives cannot be reliably sanitised using simple overwriting. Peer-reviewed research (Wei et al., UCSD, 2011) confirms that SSDs retain digital remnants even after many overwrite passes due to controller behaviour and the internal architecture of flash memory.
To achieve a verifiable and auditor-acceptable outcome, SSD processing follows a capability-led workflow:
This multi-stage process is the foundation of TFix's SSD sanitisation workflow, ensuring GDPR-compliant, NIST SP 800-88 Rev.2 and NCSC Secure Sanitisation Guidance aligned, audit-ready data sanitisation for all flash-based media.
Key details about our secure data erasure and destruction services.
We process HDDs, SSDs, NVMe media, backup tapes, optical media, servers, and mobile devices. Method selection is capability-led and mapped to your policy and regulatory requirements.
One Certificate of Destruction (CoD) per Chain-Of-Custody order. Each order is documented in one serial-linked CoD listing all devices and applied methods, suitable for GDPR, ISO 27001, and internal audit records.
Depending on media capability and policy requirements, we apply controller-level purge, verified logical sanitisation where appropriate, or physical destruction. Every outcome is logged and evidenced.
Any failed device is immediately diverted to controlled physical destruction. This enforces permanent data elimination and maintains compliance with GDPR and NIST SP 800-88 Rev.2.
Sanitisation (Clear) removes data while preserving media for potential reuse. Purge and physical destruction are used where higher assurance is required; all outcomes are recorded on One Certificate of Destruction (CoD) per Chain-Of-Custody order.
SSDs follow a capability-led workflow. Where supported, controller-level purge (NVMe Sanitize or ATA Secure Erase) is applied. Where purge is unavailable and policy permits, verified logical sanitisation is used. Devices that cannot be reliably sanitised are physically destroyed.
Yes. We provide the same certified erasure and physical destruction process, per-device Certificate of Destruction, and audit-ready documentation to councils, schools, colleges, and public bodies. See our public sector and education ITAD page for procurement-framework and social-value reporting details.
Every collection is assigned a single Chain-Of-Custody ID that groups all devices processed under that order. It links your transfer documentation, sanitisation or destruction records, forensic sampling results, and final Certificate of Destruction, so every device can be traced back to one auditable order reference.
Erasure is attempted first wherever it is capability-led and policy-permitted. Devices go through multiple independent erasure attempts across different connection methods before any escalation to physical destruction, so destruction is used only when reliable erasure genuinely cannot be completed.
We sample 5% of sanitised data-bearing devices per Chain-Of-Custody ID and attempt professional-grade data recovery. A pass requires no mountable file system and no previewable or coherent user data. If any recoverable data is found, the entire batch is quarantined, related certificates are suspended from release, and management is notified immediately.
The resale value of your decommissioned IT hardware could offset your data destruction costs.
Our automated SSD erasure workflow means we no longer charge a premium for SSDs.
One low rate for all loose drive types.
For loose HDDs, SSDs, and Tapes.
Volume discount for loose media.
Helpful reads on common questions, real scenarios, and what to expect.
Real project outcomes from UK organisations we've worked with.
Not a consumer-device service
This workflow is designed for business assets, enterprise governance, and documented chain-of-custody rather than one-off household devices.
Not every drive needs physical shredding
If value recovery is possible and your policy allows verified erasure, full physical destruction may be unnecessarily expensive. See our eradication methods comparison.
Best when evidence matters
This page is for teams who need certificates, media-specific method choice, and audit-ready outputs rather than generic disposal.
If destruction is part of a broader device disposal programme, use the UK WEEE & Carbon Savings Calculator to estimate likely recycling impact alongside compliance outputs.
Still deciding?
We’ll confirm media type, compliance requirements, and processing method before scheduling.