We were asked if we knew of a media erasing tool that provided a certificate of destruction. We didn’t. So we wrote one.
It’s a very simple linux utility (Windows coming soon!) that performs a low level overwrite per your needs, which is verifiable for third party inspection, and produces a certificate you can use as proof of destruction.
It’s going live on the GSA website soon, but if you’re not government and would like a copy, please contact us at 610-810-1727 or via sales@this site until we get our civilian sales side set up.
Verification and validation has been coming up quite often recently in conversations with client lawyers. It seems there are a number of litigants relying on systems data or log files information that have not validated their data properly and are suffering the consequences of poor data management practices as a result.
V&V, and data management practices, are well developed standards dating back decades that all IT shops should be incorporating into their standards and practices for systems and data administration.
If the foundation data isn’t right, the business operations won’t be right. In some cases, notably 21 CFR 11, V&V is a requirement. But even if it’s not a legal compliance issue, it should be part of normal IT business practices at every company because of the inherent risk in ignoring V&V.
If your risk management program doesn’t have a V&V component, you might be missing a big vulnerability.
As always, we’re here to help, if you need us.