When the user is retiring systems, upgrading storage and servers, returning leased equipment, or redeploying storage devices, it is critical to protect the company information they contain, but simply erasing the used disks is not enough to make the data permanently inaccessible
Sanitizing equipment and surfaces requires two steps: cleaning and sanitizing. Cleaning removes the soil deposits, and sanitizing (sterilizing) destroys microbes that are left on the clean surface. If the surface is still dirty, the soil protects the microbes from sanitizing agents.
Once you no longer require backed-up data or its expiration date has passed, you must either archive or destroy it depending on your organization's data retention policies. If you store data on site, you might use various data sanitization techniques to fully destroy it, based on the storage medium. If possible, obtain a certificate of destruction, so that in the event of an IT organization audit, the auditor can examine and verify evidence of data destruction activities.
If you store data off site, such as in cloud backup storage, your cloud vendor must destroy your customer data for you. You must then verify that the data has been properly and fully destroyed and cannot be recovered. Before engaging with cloud storage or other managed service provider, research what process it uses for data destruction and understand how the firm certifies complete destruction of data. An off-site data storage company's failure to certify data destruction means that data could possibly be recovered, especially if the storage vendor suffers a cyber-attack that obtains access to customer data.