Certificate of Destruction

A Certificate of Destruction is the document that proves your media was destroyed, including when, how, and to which standard. It is the evidence auditors and regulators ask for, not a marketing receipt. This page explains what a defensible certificate must contain, who relies on it, and how Data Destruction Inc. issues one for every job.

Top 10 ways to protect privacy guide image dd - hard drive shredding | secure paper shredding | hdd wiping

TOP 10 WAYS TO PROTECT YOUR PRIVACY NOW!

DOWNLOAD YOUR FREE GUIDE

Related Options

Onsite-hard-drive-shredding-dark-blue

Chain of Custody

An unbroken, serialized record that tracks every asset from intake through pickup, transport, and the destruction event, with each handoff signed and timestamped under tamper-evident seal. Provides 100% per-asset accountability behind the certificate.

Data-destruction-services-dark-blue (2)

Witnessed Destruction

An observed, attested destruction event where your employee, auditor, or regulator watches every asset destroyed, in person or by live video. A named witness, serial-number reconciliation, and timestamped attestation are bound to the record.

Hard-drive-wiping-solutions-dark-blue

Hard Drive Shredding

Industrial shredding that reduces drives to a 6 mm particle size, or 2 mm for classified media, meeting the NIST 800-88 r2 Destroy standard. Available on-site or at a secured facility, with fragments routed to certified recycling.

Witnessed-document-shredding-icon-dd (1)

Hard Drive Destruction

Physical and cryptographic destruction of data-bearing drives across every NIST 800-88 r2 method, including shredding, crushing, degaussing, and cryptographic erase. Performed on-site or at a secured facility under sealed chain of custody.

What a Certificate of Destruction Is

A Certificate of Destruction (CoD) is a formal record stating that specific media was destroyed under a defined method and standard on a specific date. It converts a physical event into defensible evidence. A certificate is only as good as the detail it carries: a generic one-line statement satisfies no auditor, while a serialized, itemized certificate stands up to review.

The certificate is the endpoint of a documented process that begins at chain of custody and ends at the destruction event. For the underlying reason destruction must be evidenced at all, see data remanence explained.

What a Defensible Certificate Includes

Bottom line: a certificate that lists serial numbers and a NIST 800-88 r2 standard reference is defensible; a bulk one-line count is not.

Every Certificate of Destruction issued by Data Destruction Inc. includes:

  • Serial numbers of each destroyed asset, itemized rather than counted in bulk.

  • Destruction method (shred, crush, degauss, or cryptographic erase) and the equipment used.

  • Standard reference, specifically the NIST SP 800-88 r2 category satisfied (Destroy or Purge).

  • Date and location of the destruction event.

  • Technician who performed the destruction.

  • Witness attestation, where witnessed destruction was elected.

  • Chain-of-custody reference linking the certificate to the custody log.

A certificate missing serial numbers or a standard reference is the most common audit failure we are asked to remediate. 

Why It Matters

A properly itemized Certificate of Destruction is accepted as disposal evidence under:

Framework

What the certificate evidences

HIPAA

PHI was rendered unreadable and indecipherable

GLBA Safeguards Rule

Customer financial data was securely disposed

FACTA Disposal Rule

Consumer-report information was destroyed

CMMC media sanitization

Controlled CUI media was sanitized to standard

SOX data retention

End-of-retention records were disposed

Internal auditors, external assessors, cyber-insurance carriers, and regulators all rely on the same document.

Certificate Failures Auditors Reject

Most certificates that fail an audit fail for the same handful of reasons. Knowing them is the fastest way to judge whether the document you hold is defensible.

  • Bulk counts instead of serial numbers. A certificate that says “42 hard drives destroyed” proves a quantity, not which drives. If an auditor asks whether a specific asset tag was destroyed, only an itemized serial-number list answers the question. This is the single most common weakness we are asked to remediate.

  • No standard reference. A certificate that names no sanitization standard cannot show the method was adequate. A defensible certificate cites the NIST SP 800-88 r2 category satisfied, Destroy or Purge, so the assurance level is explicit.

  • Method and equipment omitted. “Securely destroyed” is not a method. The certificate should state shred, crush, degauss, or cryptographic erase, and for shredding the particle size, because that is what ties the result to the standard.

  • No date, technician, or custody link. A certificate with no date cannot be placed on a compliance timeline, and one with no link to a chain-of-custody record cannot prove the listed drives are the drives that were collected.

  • Not re-issuable. A vendor that cannot reproduce a certificate years later leaves you exposed when an audit arrives after the original is misplaced.

When a certificate carries all of these, it stops being a receipt and becomes evidence: an auditor, assessor, or cyber-insurance carrier can trace each destroyed asset from collection to destruction without taking your word for it. When any are missing, the disposal is effectively undocumented no matter what the page says.

How Data Destruction Inc. Issues Your Certificate

A serialized Certificate of Destruction is issued for every job: within 24 hours of an off-site destruction event, or before the crew leaves for on-site service. Each certificate is tied to the chain-of-custody record and, for recurring clients, consolidated under a scheduled destruction program audit file. Certificates are retained and re-issuable on request for the life of your compliance record.

Frequently Asked Questions

Is a Certificate of Destruction legally required?

No single law names the document, but HIPAA, GLBA, FACTA, and similar rules require you to prove secure disposal. A serialized certificate is the standard way to meet that burden of proof.

What makes a certificate “defensible”?

Itemized serial numbers, the destruction method, the NIST 800-88 r2 standard reference, the date, the technician, and a chain-of-custody link. A bulk count without serial numbers is the most common weakness.

How fast do I receive mine?

Within 24 hours of an off-site destruction event, or on-site before our crew leaves your facility.

Can you re-issue a lost certificate?

Yes. Certificates are retained and can be re-issued on request to support audits years later.

Does every destruction method get a certificate?

Yes. Shredding, crushing, degaussing, and cryptographic erase all produce a serialized Certificate of Destruction.

Should the certificate be issued by the company that destroyed the media?

Yes. A defensible Certificate of Destruction comes from the party that performed the destruction and held the chain of custody, because that is who can attest to the method, date, and serial numbers. A certificate generated by anyone who did not handle and destroy the media carries no evidentiary weight in an audit.

Get Your Certificate of Destruction

Ask to see a sample certificate before you commit; every Data Destruction Inc. job closes with a serialized, audit-grade Certificate of Destruction backed by a documented chain of custody. Request a quote or call (866) 850-7977.

LET US CONTACT YOU

DATA DESTRUCTION LOCATIONS

SHREDDING SERVICES DALLAS

1717 Mckinney Ave. Suite 700
Dallas, TX 75202-1236
(469) 949-2840

SHREDDING SERVICES NEW YORK CITY

100 Church Street. 8Th Floor
New York City, NY 10007-2630
(516)-990-4096

SHREDDING SERVICES SAN JOSE

2033 Gateway Place. 5Th Floor
San Jose, CA 95110
(408) 459-4418

SHREDDING SERVICES SAN DIEGO

350 10Th Avenue. Suite 1000
San Diego, CA 92101-7496
(619) 916-4696

SHREDDING SERVICES LOS ANGELES

633 West Fifth Street. 26Th And 28Th Floors
Los Angeles, CA 90071
(213) 205-3688

SHREDDING SERVICES IRVINE

7545 Irvine Center Drive. Irvine Business Center, Suite 200
Irvine, CA 92618
(949) 793-7178

SHREDDING SERVICES WASHINGTON

601 Pennsylvania Ave. Nw, South Building, Suite 900
Washington, DC 20004
(240) 266-3056

LEARN MORE ABOUT OUR SERVICES
Latest Blog posts
SEARCH LOCATION WITH ZIP CODE

download your free guide!

The Top 10 Ways to Protect Your Privacy Right Now!

Learn the secrets of our 50 destruction professionals as they delve into the top ways to protect your privacy. Whether your company is big or small, get FREE insider tips to protect your data.