Certificate of Destruction
A Certificate of Destruction is the document that proves your media was destroyed, including when, how, and to which standard. It is the evidence auditors and regulators ask for, not a marketing receipt. This page explains what a defensible certificate must contain, who relies on it, and how Data Destruction Inc. issues one for every job.
TOP 10 WAYS TO PROTECT YOUR PRIVACY NOW!
DOWNLOAD YOUR FREE GUIDE
Related Options

Chain of Custody
An unbroken, serialized record that tracks every asset from intake through pickup, transport, and the destruction event, with each handoff signed and timestamped under tamper-evident seal. Provides 100% per-asset accountability behind the certificate.

Witnessed Destruction
An observed, attested destruction event where your employee, auditor, or regulator watches every asset destroyed, in person or by live video. A named witness, serial-number reconciliation, and timestamped attestation are bound to the record.

Hard Drive Shredding
Industrial shredding that reduces drives to a 6 mm particle size, or 2 mm for classified media, meeting the NIST 800-88 r2 Destroy standard. Available on-site or at a secured facility, with fragments routed to certified recycling.

Hard Drive Destruction
Physical and cryptographic destruction of data-bearing drives across every NIST 800-88 r2 method, including shredding, crushing, degaussing, and cryptographic erase. Performed on-site or at a secured facility under sealed chain of custody.
What a Certificate of Destruction Is
A Certificate of Destruction (CoD) is a formal record stating that specific media was destroyed under a defined method and standard on a specific date. It converts a physical event into defensible evidence. A certificate is only as good as the detail it carries: a generic one-line statement satisfies no auditor, while a serialized, itemized certificate stands up to review.
The certificate is the endpoint of a documented process that begins at chain of custody and ends at the destruction event. For the underlying reason destruction must be evidenced at all, see data remanence explained.
What a Defensible Certificate Includes
Bottom line: a certificate that lists serial numbers and a NIST 800-88 r2 standard reference is defensible; a bulk one-line count is not.
Every Certificate of Destruction issued by Data Destruction Inc. includes:
Serial numbers of each destroyed asset, itemized rather than counted in bulk.
Destruction method (shred, crush, degauss, or cryptographic erase) and the equipment used.
Standard reference, specifically the NIST SP 800-88 r2 category satisfied (Destroy or Purge).
Date and location of the destruction event.
Technician who performed the destruction.
Witness attestation, where witnessed destruction was elected.
Chain-of-custody reference linking the certificate to the custody log.
A certificate missing serial numbers or a standard reference is the most common audit failure we are asked to remediate.Â
Why It Matters
A properly itemized Certificate of Destruction is accepted as disposal evidence under:
Framework | What the certificate evidences |
|---|---|
PHI was rendered unreadable and indecipherable | |
Customer financial data was securely disposed | |
Consumer-report information was destroyed | |
Controlled CUI media was sanitized to standard | |
End-of-retention records were disposed |
Internal auditors, external assessors, cyber-insurance carriers, and regulators all rely on the same document.
Certificate Failures Auditors Reject
Most certificates that fail an audit fail for the same handful of reasons. Knowing them is the fastest way to judge whether the document you hold is defensible.
Bulk counts instead of serial numbers. A certificate that says “42 hard drives destroyed” proves a quantity, not which drives. If an auditor asks whether a specific asset tag was destroyed, only an itemized serial-number list answers the question. This is the single most common weakness we are asked to remediate.
No standard reference. A certificate that names no sanitization standard cannot show the method was adequate. A defensible certificate cites the NIST SP 800-88 r2 category satisfied, Destroy or Purge, so the assurance level is explicit.
Method and equipment omitted. “Securely destroyed” is not a method. The certificate should state shred, crush, degauss, or cryptographic erase, and for shredding the particle size, because that is what ties the result to the standard.
No date, technician, or custody link. A certificate with no date cannot be placed on a compliance timeline, and one with no link to a chain-of-custody record cannot prove the listed drives are the drives that were collected.
Not re-issuable. A vendor that cannot reproduce a certificate years later leaves you exposed when an audit arrives after the original is misplaced.
When a certificate carries all of these, it stops being a receipt and becomes evidence: an auditor, assessor, or cyber-insurance carrier can trace each destroyed asset from collection to destruction without taking your word for it. When any are missing, the disposal is effectively undocumented no matter what the page says.
How Data Destruction Inc. Issues Your Certificate
A serialized Certificate of Destruction is issued for every job: within 24 hours of an off-site destruction event, or before the crew leaves for on-site service. Each certificate is tied to the chain-of-custody record and, for recurring clients, consolidated under a scheduled destruction program audit file. Certificates are retained and re-issuable on request for the life of your compliance record.
Frequently Asked Questions
Is a Certificate of Destruction legally required?
No single law names the document, but HIPAA, GLBA, FACTA, and similar rules require you to prove secure disposal. A serialized certificate is the standard way to meet that burden of proof.
What makes a certificate “defensible”?
Itemized serial numbers, the destruction method, the NIST 800-88 r2 standard reference, the date, the technician, and a chain-of-custody link. A bulk count without serial numbers is the most common weakness.
How fast do I receive mine?
Within 24 hours of an off-site destruction event, or on-site before our crew leaves your facility.
Can you re-issue a lost certificate?
Yes. Certificates are retained and can be re-issued on request to support audits years later.
Does every destruction method get a certificate?
Yes. Shredding, crushing, degaussing, and cryptographic erase all produce a serialized Certificate of Destruction.
Should the certificate be issued by the company that destroyed the media?
Yes. A defensible Certificate of Destruction comes from the party that performed the destruction and held the chain of custody, because that is who can attest to the method, date, and serial numbers. A certificate generated by anyone who did not handle and destroy the media carries no evidentiary weight in an audit.
Get Your Certificate of Destruction
Ask to see a sample certificate before you commit; every Data Destruction Inc. job closes with a serialized, audit-grade Certificate of Destruction backed by a documented chain of custody. Request a quote or call (866) 850-7977.
LET US CONTACT YOU
DATA DESTRUCTION LOCATIONS
SHREDDING SERVICES DALLAS
1717 Mckinney Ave. Suite 700 Dallas, TX 75202-1236 (469) 949-2840
SHREDDING SERVICES NEW YORK CITY
100 Church Street. 8Th Floor New York City, NY 10007-2630 (516)-990-4096
SHREDDING SERVICES SAN JOSE
2033 Gateway Place. 5Th Floor San Jose, CA 95110 (408) 459-4418
SHREDDING SERVICES SAN DIEGO
350 10Th Avenue. Suite 1000 San Diego, CA 92101-7496 (619) 916-4696
SHREDDING SERVICES LOS ANGELES
633 West Fifth Street. 26Th And 28Th Floors Los Angeles, CA 90071(213) 205-3688
SHREDDING SERVICES IRVINE
7545 Irvine Center Drive. Irvine Business Center, Suite 200 Irvine, CA 92618 (949) 793-7178
SHREDDING SERVICES WASHINGTON
601 Pennsylvania Ave. Nw, South Building, Suite 900 Washington, DC 20004 (240) 266-3056



