IT Security

Information Security Management System (ISMS)

How is SocialBox.Biz Helping companies increase impact ?

SocialBox.Biz team can coach your IT department on certified, safe methods of wiping” sensitive data out of old hard drives as well as hard drive removal processes on-site. By working with SocialBox.Biz a not-for-profit community interest company social enterprise and paying for some of our commercial services you increase social impact for your company. What some companies are also doing us deploying their volunteering hours to remove the drives on site themselves, and then send us the machines that we are still able re-use with our open source live drive innovation.

Using the services of our social enterprise is vital in measuring the sustainability of your company.  As more and more companies now get measured on their social and environmental impact and it can even affect their share price, its great way to further build up governance and maintain strong ongoing impact.

presentation

Some time ago, SocialBox.biz director made a presentation to over 50 representatives of top London firms at the Environmental Best Practices event. The subject was “Secure Data Removal to enable Re-use and donation of IT Equipment” At the presentation, it was confirmed that sensitive information can be securely removed from all machines as long as companies use a reliable tools for data removal.

For example SocialBox.biz works with clients on addressing specific needs for data removal and where needed arranges appropriate on-site hard drive removal and/or wiping services and can advise on the most secure shredding services for data storage components

Companies that do not have items available at this time can still participate via one of our impact plans and increase their social impact: https://www.socialbox.biz/corporate-impact/

Corporate Impact Problems Solved

  

SocialBox.biz offers consulting services to companies on the relevant ISO 27001 aspects relating to re-use of old technology and follows relevant Information Security based policies & procedures such as those of ISO 27001.

Some of our and our partners physical and digital security processes include:

( please contact us for a quote )

  • On-site services and coaching for the IT team on data / drive removal. 
  • Storage in a secure warehouse in designated areas
  • Secure boxes for storage of items containing data
  • Limited access to items with data by authorised and vetted personnel only
  • Secure transportation in tracked vehicles
  • Collection tracking paperwork at the time of collection and delivery
  • Serial numbers reports
  • Software and hardware solutions for data removal
  • Secure data removal with certificates provided and serial numbers of hard drives where needed
  • Procedure & processes for quality control and double checking data removal

Additional IT Security solutions include:

Arranging vetted onsite or offsite data removal or hard disk drive and other storage device destruction service using a specialist shredder that shreds hard drives and storage devices into appropriate small pieces as per approves standard preventing recovery of data.  Please speak with your project leader or contact us 

Different data erasure standards available to clients via specialist software license that SocialBox.Biz Community Interest Company has purchased:

Erase/Wipe Methods

1 – One Pass Zeros

When using One Pass Zeros, the number of passes is fixed and cannot be changed. When the write head passes through a sector, it writes only zeros (0x00 characters).

2 – One Pass Random

When using One Pass Random, the number of passes is fixed and cannot be changed. When the write head passes through a sector, it writes series of random characters.

3 – User Defined

You indicate the number of times the write head passes over each sector. Each overwriting pass is performed with a buffer containing the pattern you specified (ASCII string).

4 – US DoD 5220.22-M

The write head passes over each sector three times. The first time is with zeros (0x00), the second time with 0xFF and the third time with random characters. There is one final pass to verify random characters by reading.

5 – US DoD 5220.22-M (ECE)

The write head passes over each sector seven times (0x00, 0xFF, Random, 0x96, 0x00, 0xFF, Random). There is one final pass to verify random characters by reading.

6 – US DoE M205.1-2 (US Department of Energy M205.1-2)

The write head passes over each sector seven times (Random, Random, 0x00). There is one final pass to verify zeros by reading.

7 – Canadian OPS-II

The write head passes over each sector seven times (0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, Random). There is one final pass to verify random characters by reading.

8 – Canadian CSEC ITSG-06

The write head passes over each sector three times (0xFF, 0x00, Random). There is one final pass to verify random characters by reading.

9 – German VSITR

The write head passes over each sector seven times . (0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xAA). There is one final pass to verify random characters by reading.

10 – Russian GOST p50739-95

The write head passes over each sector two times. (0x00, Random). There is one final pass to verify random characters by reading.

11 – US Army AR380-19

The write head passes over each sector three times. The first time with 0xFF, second time with zeros (0x00) and the third time with random characters. There is one final pass to verify random characters by reading.

12 – US Air Force 5020

The write head passes over each sector three times. The first time with random characters, second time with zeros (0x00) and the third time with 0xFF. There is one final pass to verify random characters by reading.

13 – British HMG IS5 Baseline

Baseline method overwrites disk’s surface with just zeros (0x00).

There is one final pass to verify random characters by reading.

14 – British HMG IS5 Enhanced

Enhanced method – the write head passes over each sector three times. The first time with zeros (0x00), second time with 0xFF and the third time with random characters.

There is one final pass to verify random characters by reading.

15 – Navso P-5329-26 RL

RL method – the write head passes over each sector three times (0x01, 0x27FFFFFF, Random). 

There is one final pass to verify random characters by reading.

16 – Navso P-5329-26 MFM

MFM method – the write head passes over each sector three times (0x01, 0x7FFFFFFF, Random).

There is one final pass to verify random characters by reading.

17 – NCSC-TG-025

The write head passes over each sector three times (0x00, 0xFF, Random). There is one final pass to verify random characters by reading.

18 – NSA 130-2

The write head passes over each sector two times (Random, Random). There is one final pass to verify random characters by reading.

19 – Bruce Schneier

The write head passes over each sector seven times (0xFF, 0x00, Random, Random, Random, Random, Random). There is one final pass to verify random characters by reading.

20 – Gutmann

The write head passes over each sector 35 times. For details about this, the most secure data clearing standard, you can read the original article at the link below: www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

21, 22, 23 – NIST 800-88

Supported three NIST 800-88 media sanitization standards:

1. The write head passes over each sector one time (0x00).

2. The write head passes over each sector one time (Random).

3. The write head passes over each sector three times (0x00, 0xFF, Random).

For details about this,the most secure data clearing standard, you can read the original article at the link below: http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_with-errata.pdf

24 – Australian ISM-6.2.93

The write head passes over each sector once with random characters. There is one final pass to verify random characters by reading.

Many well known businesses and universities use the same software.

Further details from SocialBox.Biz website:

https://www.socialbox.biz/the-socialbox-biz-guide-to-releasing-old-yet-still-useful-laptops-from-offices-to-those-that-need-them-the-most/