Secure deletion and destruction of data and media
When data should no longer exist – not today, not tomorrow, not ever
In today's business environment, data represents one of the greatest assets – and at the same time one of the greatest risks. Old disks, servers, laptops or external media often contain trade secrets, personal customer data, financial records or intellectual property. Incorrect or inappropriate deletion can pose a serious security risk, violate the law and irreparable damage to a company's reputation.
That's why at Rosoft, d.o.o. we offer you professional, verified and documented secure deletion of data carriers, including physical destruction when this is the only sensible solution.
Why aren't "Delete" and "Format" enough?
When you delete a file or format a disk, the data doesn't actually disappear. The operating system simply marks the space as "free," but the actual records on the media remain—often fully readable with basic data recovery tools.
This includes:
- Classic rotational hard drives (HDD),,
- SSD in NVMe media nosilce,
- USB drives, CD cards, RAID systems and server data enclosures.
Proper erasure requires dedicated procedurestailored to the media technology and verification of the effectiveness of the erasure, as required by recognized security standards (e.g. ISO/IEC 27002:2022 and ISO/IEC 27040 and as summarized in the NIST technical standard SP 800-88.
Different media - different procedures
Classic rotational hard drives (HDD)
For magnetic disks, data can be reliably removed by:
- by repeatedly overwriting data sectors,
- verifying that all accessible parts of the disk are sanitized,
- if necessary, also by demagnetization or physical destruction.
Such deletion makes data recovery impossible even with advanced forensic methods, which is in line with international guidelines.
Solid state media - SSD and NVMe drives
Flash technologies work differently. Due to wear-leveling,spare blocks and controllers, classic overwriting is not reliable.
Instead, we employ:
- Secure Erase / Cryptographic Erase procedures at the controller level,
- deleting encryption keys on encrypted disks,
- and finally physical destructionwhen software deletion is not demonstrably secure.
This is especially important for SSDs and NVMe drives in servers, laptops, and virtualization environments.
Other media type
Media types, that can also be securely erased:
- USB keys and memory cards,
- external hard drives
- server-type hard drives
- device-embedded memory systems, such as printers, dedicated network appliances, NAS enclosures, etc.
When is physical destruction the best (or only) option?
In certain cases, software erasure is not sufficient or makes no sense. In such cases, we recommend physical destruction of the media, such cases are:
- when the disk is damaged and inaccessible,
- when data on media is of sensitive nature,
- when required by internal policy or legislation,
- when media leaves the organization (sale, write-off, recycling).
Physical destruction (cutting, crushing, piercing, grinding) permanently disables access to data and is a recognized method for the highest level of security destruction of data carriers.
Compliance with legislation and standards
Our procedures are designed in accordance with:
- NIST SP 800‑88 - an internationally recognized framework for disposal of data media and carriers,
- ISO/IEC 27001 (Annex A 7.14) – requires safe disposal or reuse of equipment,
- ISO/IEC 27002:2022– requires control over data security mechanisms,
- GDPR (člen 17 – pravica do izbrisa) – permanent and irrevocable deletion of personal data.
This means that the service is not only technically correct, but also auditable and legally sound..
Documentation and certification
If necessary, we can provide:
- a record of the procedure performed,
- media identification and audit,
- declaration of erasure or destruction method,
- Certificate of Destruction
This is crucial for internal audits, external assessments and demonstrating compliance.
Our secure data erasure service is suitable for:
- companies of all sizes
- accounting and legal departments,
- IT departments and system administrators,
- organizations with ISO 27001 requirements,
- to anyone who doesn't want to risk data leaks.
Securely closing the data lifecycle
Secure deletion is not an expense – it is insurance against risksthat often only becomes apparent when it is too late.
If you want the data to truly disappear, let's make sure it doesn't remain on disk, not in spare blocks, and not in future problems.
Secure data deletion is not just a technical task, but a key element of information security, legal compliance and protecting an organization's reputation. Even after deletion or formatting, recoverable data often remains on data carriers, which poses a serious security and legal risk.
Our secure deletion and destruction procedures for data carriers are based on internationally recognized standards and regulatory requirements, which together ensure that data is permanently, irrevocably removed, and demonstrably unrecoverable.
International standards and legislation
NIST SP 800-88 is an established technical framework for data media sanitization. It defines sanitization levels (Clear, Purge, Destroy) and guides the selection of a method based on the type of media and the sensitivity of the data.
ISO/IEC 27001:2022 (Annex A, control 7.14) requires that data is irreversibly removed or the medium is physically destroyed before the equipment is removed or reused.
ISO/IEC 27002:2022 additionally requires control over deletion processes, traceability, documentation, and evidence of successful deletion.
GDPR – Article 17 (right to erasure) establishes a legal obligation to permanently and irrevocably erase personal data, including from erased or defective media.
In practice, this means that during the secure deletion process, we correctly select the method of secure deletion or data destruction, depending on the type of data carrier - HDD, SSD, NVMe or other carriers, by implementing the method, we permanently disable data recovery, and we document the process in a way that allows for verification and issuance of evidence that is suitable for audits, assessments and regulatory oversight.
This helps you manage the entire data lifecycle – from use to final deletion.
Comprehensive management and monitoring of devices
Application development, system integrations
Control and analysis of business performance
Certified secure data erasure
