Data Sanitisation & Compliance Alignment Overview
Genesis is designed to support standards-aligned data sanitisation across HDD and SSD media. It enables Clear and Purge methodologies, firmware-level erase commands, and auditable reporting suitable for regulated environments.
Accreditation applies to the operating organisation. Genesis provides the technical and evidential framework to support compliance.
Primary Sanitisation Standards
These are the core media sanitisation standards that define Clear and Purge methodologies across regulated environments.
NIST SP 800-88 Rev. 2
Current US guidance for media sanitisation (Clear, Purge, Destroy).
Genesis supports overwrite and firmware-based purge methods consistent with NIST classifications.
UK NCSC Guidance on Media Sanitisation
Current UK government guidance replacing legacy CESG / IS5 standards.
Genesis supports auditable erase processes aligned with NCSC disposal principles.
DIN 66399 (Germany)
Data destruction framework defining protection classes and security levels.
Genesis workflows can be mapped to relevant logical destruction categories.
BSI Technical Guidelines (Germany – e.g. TL-03405)
Secure erasure guidance from the German Federal Office for Information Security.
Genesis supports logged and verifiable sanitisation suitable for BSI-aligned environments.
Industry & Regulatory Frameworks
These frameworks do not define erase methods directly but require controlled, auditable data sanitisation as part of broader information security obligations.
ISO/IEC 27001
Information security management. Media disposal controls supported via Genesis reporting and audit logs.
ISO/IEC 27040
Storage security guidance including sanitisation controls.
PCI DSS (v4.0 / 4.0.1)
Secure removal of cardholder data prior to disposal or reuse. Genesis provides certificate-backed evidence.
HIPAA (US)
Healthcare data disposal safeguards supported through documented erase verification.
GLBA (US)
Financial data protection including secure disposal controls.
FISMA (US Federal)
Supports NIST-aligned sanitisation requirements for federal systems.
R2v3
Responsible Recycling Standard requiring documented data destruction.
e-Stewards
Requires verifiable data sanitisation processes within ITAD environments.
Supported Erase Methods & Protocols
The Genesis family of products implement the following technical erase mechanisms at firmware and protocol level, where supported by the device.
ATA Secure Erase / Enhanced Secure Erase
Firmware-level commands built into ATA HDD and SSD devices.
SCSI Sanitize Commands
Overwrite, block erase, and cryptographic erase (device dependent).
SAS Format Unit
Secure formatting within enterprise SAS environments.
TCG Cryptographic Erase
MEK regeneration for supported Self-Encrypting Drives.
Sanitize Command (ATA / SCSI)
Modern unified sanitisation commands supported by compliant drives.
Legacy / Historical References
The following standards are no longer current but are still referenced in procurement documentation and legacy policies.
NIST SP 800-88 Rev. 1 (Superseded by Rev. 2)
DoD 5220.22-M (Historic reference)
HMG Infosec Standard 5 (Replaced by NCSC guidance)
Gutmann 35-pass method (Obsolete for modern media)
Important Note
Sanitisation effectiveness depends on:
- Selected erase methodology
- Media type (HDD or SSD)
- Interface (SATA, SAS, SCSI)
- Drive firmware capability
Genesis provides controlled execution, verification, and reporting.
Organisational certification remains the responsibility of the operating entity.