According to the General Data Protection Regulation (GDPR), Alfanet S.A. acts as a "processor" for the destruction of the data contained in the equipment. For this purpose, each of our customers receives a simple and fully understandable contract from us (SLA - Service Level Agreement) in which the responsibilities between the controller (i.e. your company) and the processor (i.e. Alfanet) are defined.
Overall, Alfanet guarantees that any confidential data stored in IT & telecommunications equipment will not be accessible to unauthorized persons, due to the following measures it undertakes:
- Data erasure using approved tools by Common Criteria (ISO 15408), CESG, BSI and NATO
- The European Union and the European Data Protection Agency (ADISA) and the European Data Protection Agency (ECSA), using the following standards: ISO, BSI, Commonwealth of Independent States and the European Union.
- Security control of all employees involved
- Physical destruction of equipment containing data
- Provision of data destruction certificates
- On-site (at the customer's premises) data erasure/destruction services
Alfanet provides a wide range of services and solutions that ensure compliance with data protection legislation, government standards and strict security policies for data destruction.
Data is destroyed via fully controlled processes. Each piece of equipment is solely recorded down through an Asset Management System (AMS). The following data destruction methods are provided either at Alfanet SA's secure facility or at the customer's site:
As part of Alfanet's basic processing operations, each equipment's data is erased via an approved software. The erasure method used depends on the customer's security policy and includes one of the following methods:
HMG Infosec Standard 5 Lower Standard, HMG Infosec Standard 5 High Standard, Peter Gutmann's algorithm, DoD 5220 22-M, Bruce Schneier's algorithm, Navy Staff Office Puplication (NAVSO P-5239) for RLL, The National Computer Security Center (NCSC-TG-025), Air Force System Security Instruction 5020, US Army AR380-19, VSITR-Standard/BSI-Method, OPNAVIST 5239.1A, NSA, DoD 5220 22-M ECE, DoD 5220 22-M for FEPROM, NAVSO P-5239-26 (TOP SECRET) for FEPROM, NAVSO P-5239-26 (SECRET or CONFIDENTIAL) for FEPROM, NIST 800-88 Clear/Purge Method I, NIST 800-88 Clear/Purge Method II, NIST 800-88 Clear/Purge Method I+II.
A certified erasure ensures 100% secure data erasure and makes the storage medium reusable and marketable, thus offering additional profit to the customer.
In case the hard disks or other magnetic media are damaged and non-functional or is a customer requirement, Alfanet can offer degaussing which completely destroys the disks making its reuse impossible.
Alfanet is using CE and ANSI certified tools, which comply with EU and governmental compliance standards, such as:
- PCI DSS (Payment Card Industry)
- NIST (National Institute of Standards and Technology)
- NIST SP 800-36
- NIST SP 800-88
- HIPAA (Health Information Portability and Accountability Act)
- PIPEDA (Personal Information Protection and Electronic Documents Act)
- GLBA (Gramm-Leach-Bliley Act)
Alfanet is using a special hard disk destroyer, which completely destroys the disks by cutting and breaking them into pieces. This method destroys the entire hard disk and its internal components, including the data boards. In addition, the hard disk enclosure and the read/write heads are completely deformed and any data recovery is impossible.
Destroyer's destruction method meets all international compliance standards, including PCI DSS (Payment Card Industry), NIST (National Institute of Standards and Technology), NIST SP 800-36, NIST SP 800-88, HIPAA (Health Information Portability and Accountability Act), PIPEDA (Personal Information Protection and Electronic Documents Act), GLBA (Gramm-Leach-Bliley Act).