FOI 2026/1644

Under the Freedom of Information Act 2000, please provide the following recorded information held by your organisation regarding assurance processes for software-based data erasure of end-of-life IT equipment.

For clarity, this request relates specifically to the erasure of storage media associated with end-of-life hardware such as laptops, desktops, servers, storage arrays, or other data bearing IT equipment. It does not relate to operational deletion of data within live systems, routine account management, or DSP Toolkit self-assessment processes.

Physical destruction methods such as shredding, crushing, degaussing, or disintegration are outside the scope of this request. This request concerns software-based erasure only.

This request seeks to distinguish between confirmation that an erasure process was carried out and recorded evidence demonstrating that the final data state of a specific storage device is irrecoverable. I am not seeking technical configuration detail or security sensitive information, only the recorded assurance basis relied upon when concluding that personal data has been rendered irrecoverable.

Please confirm:

1) Whether your organisation’s policies, contractual terms, or internal procedures require an explicit outcome-based warranty or guarantee that personal data on a specific storage device has been rendered irrecoverable as a final data state following software based erasure.

2) Where software-based erasure of storage media is undertaken internally, what recorded evidential assurance is relied upon to conclude that the final data state of the specific storage device is irrecoverable, as distinct from confirmation that an erasure process was executed.

3) Where software-based erasure is undertaken by a third-party provider:

a. Do the certificates or contractual documents held constitute an explicit outcome-based warranty or guarantee of irrecoverability for each specific storage device processed?

b. Beyond reliance on supplier accreditation or recognised standards including but not limited to ADISA certification, ISO accreditation, NIST alignment, HMG IA standards, NHS Digital guidance, or Data Security and Protection Toolkit assertions, and beyond confirmation that a wiping process was completed, does the organisation hold any recorded, device specific documentation evidencing independent verification, testing, or validation that the data on the storage media has been rendered irrecoverable in practice?

4) If no explicit outcome-based warranty or device specific outcome evidence is held beyond certification, accreditation, or confirmation of process completion, please confirm what recorded form of evidential assurance is relied upon when concluding that personal data has been rendered irrecoverable.

1. NHS Greater Manchester (NHS GM) IT Equipment Disposal and Reuse Management Policy states that where media is removed from a device is it erased using the Active Killdisk wipe software and where a device is to be reused it is securely erased as part of the refurbishment process undertaken by our IT engineering function.

2. NHS GM internal process for devices to be reused are that they reimaged prior to reuse, this resets the TPM thus rendering the existing encrypted data irrecoverable. All builds/rebuilds are logged to a shared report for review as required. Where storage media is removed from a device it is erased using Active Killdisk which records a certificate.

3. NHS GM contract with our IT Disposal provider includes the following clause in relation to erasure or destruction of all data bearing devices: Data carrying items undergo data sanitation process using National Approved NCSC Approved Software.

g. Any data carrying device which fails is removed from parent machine, individually bar coded and on-site physical destruction will take place within a controlled and documented process.

h. Every data carrying device which is received for end of life processing will undergo the same process regardless of any assurances from the Client that they have already destroyed the data.

i. There is a documented quality control process which will test a sample number of hard drives and all other data carrying assets after the data erasure process to ensure that the data has been over written.

4. The above cover assurances for both internal erasure and reuse, as well as third party erasure or destruction of data bearing devices.