NIST-Aligned Data Destruction for State and Local Government

Witnessed destruction of hard drives, SSDs, and backup tapes for state agencies, counties, and municipal IT. Methods follow NIST SP 800-88 r1. Certificate of Destruction in 24 hours, designed to satisfy IRS Pub 1075 and state breach-notification statutes.

  • 24-Hour Certificate of Destruction
  • Bonded & Insured Technicians
  • Continuous Chain of Custody
  • Methods follow NIST SP 800-88 r1
  • Witnessed Destruction

How State and Local Agencies Document Destruction for Public Audit

State and local government data destruction satisfies a public-records audit standard. State auditors, inspector general offices, and state legislative oversight committees review IT disposal records as part of routine performance audits.

The dominant federal control referenced by state CIO offices is NIST SP 800-88 r1, and agencies that handle federal tax information (FTI) must also conform to IRS Publication 1075 Section 9.4 for media destruction.

Three constraints make government destruction unique. First, FTI-handling agencies must use destruction methods explicitly listed in IRS Pub 1075: shredding to specified particle sizes, degaussing to specified field strengths, or both in series for hybrid media. Second, public records laws (state-by-state) often require retention of destruction documentation for 3 to 10 years; Data Destruction Inc. retains every Certificate of Destruction for 10 years to satisfy the longest state retention window. Third, public-procurement rules require itemized invoicing and serialized asset tracking; every job produces an inventory reconciled to the agency’s fixed-asset register.

Every job produces a Certificate of Destruction, a serialized chain-of-custody log per asset tag, and a destruction-method record that maps to NIST 800-88 r1 categories. Together these form the documentation package that satisfies state auditor, IRS Pub 1075 reviewer, and public-records-request workflows.

Regulations Your Business Must Follow

  • NIST SP 800-88 r1 (Guidelines for Media Sanitization)

    The federal media sanitization benchmark referenced by 47 of 50 state CIO offices. Specifies destruction methods per media type (shredding for HDDs and SSDs, degaussing for magnetic tape) and is the standard against which state auditors evaluate disposal.

  • IRS Publication 1075 (Section 9.4, Media Sanitization)

    Agencies that receive federal tax information must destroy FTI media using methods listed in Pub 1075 §9.4. Physical shredding (HDDs to ≤25 mm, SSDs to ≤2 mm) and degaussing-plus-shred for tape satisfy this requirement.

  • State Breach Notification Laws (50-state coverage)

    All 50 states require breach notification when personal information of state residents is exposed. Documented destruction is the affirmative defense that records were rendered unreadable before disposal.

  • State Public Records Retention (state-specific schedules)

    State public records laws require retention of destruction documentation from 3 to 10 years. Data Destruction Inc. retains Certificates of Destruction for 10 years to satisfy the longest retention window in any state.

  • CJIS Security Policy, where applicable (Section 5.8, Media Protection)

    Agencies handling criminal justice information must follow the CJIS Security Policy media-disposal requirements. Our destruction methods conform to CJIS §5.8.3 (Disposal of Physical Media).

What Government Buyers Face — and How We Solve It

  • Our state auditor reviews IT disposal records as part of every audit cycle.

    Every Certificate of Destruction is formatted with the line items state auditors expect: asset tag, serial number, destruction method (NIST 800-88 r1 category), date and time, witness name and signature, and chain-of-custody reference.

  • FTI-handling agencies must follow IRS Pub 1075 destruction methods.

    Our shredding to ≤25 mm (HDD) and ≤2 mm (SSD), plus degaussing-plus-shred for backup tape, are the methods listed in IRS Pub 1075 §9.4.7 for FTI destruction. The method used per asset is recorded on the Certificate.

  • Some assets are still on the active asset register at disposal time.

    We reconcile the destruction inventory against your fixed-asset register before destruction. Each destroyed asset receives a unique chain-of-custody reference that you can post to your asset management system to mark the asset as disposed.

  • We can't ship server-room drives off-site without security escort.

    On-site mobile destruction at your data center or operations facility. Drives are destroyed in your secured loading dock or IT room before leaving the premises, with named-witness signatures from your IT security officer.

  • Our public-records request workflow needs destruction records available for years.

    Every Certificate of Destruction is retained for 10 years, the longest window across any state public-records statute. Records are re-available on request throughout the retention period for public-records, FOIA, or open-records inquiries.

  • CJIS data must be destroyed under a separate documented method.

    Criminal justice information assets are flagged separately on the chain-of-custody log. The destruction method conforms to CJIS Security Policy §5.8.3, and the Certificate of Destruction includes a CJIS conformance note when CJIS assets are present.

Audit Documentation You Receive

  • Certificate of Destruction

    Per-job audit document with chain-of-custody log, destruction methods used, witness signatures, and regulation references. Issued by Data Destruction Inc. within 24 hours.

  • Chain of Custody Log

    Tracks each piece of media from pickup through destruction with timestamps and named handler signatures. Required for audit defense.

  • Serialized Inventory

    Asset-by-asset inventory with serial numbers, manufacturer, model, and asset tag for every destroyed drive. Reconciled against the pickup manifest before destruction.

  • Witness Signatures

    Named-witness verification with printed names, signatures, dates, and times. Customer-witnessed at your facility or independent third-party witnessed at our destruction facility.

  • Insurance Certificate (on request)

    General liability and cyber liability coverage information for your records, audit team, or insurance broker.

  • State Auditor Reconciliation Report

    Per-job reconciliation document that ties destroyed assets back to the agency's fixed-asset register entries, formatted for state auditor and inspector general review.

Frequently Asked Questions

Do you sign a non-disclosure agreement or contract before pickup?

Yes. Data Destruction Inc. signs an NDA or vertical-specific contract with every government client before any pickup is scheduled. The document is delivered electronically within 4 business hours of quote acceptance and is countersigned before our truck is dispatched. Both parties retain the executed document for the full 10-year documentation retention period.

What does the Certificate of Destruction include for government audits?

The Certificate of Destruction includes six audit fields: asset serial numbers, destruction method used, date and time of destruction, named witness signature, operator and company identification, and chain-of-custody reference number. Each field is populated within 24 hours of destruction. The certificate format is built to satisfy auditor, regulator, and insurance documentation requirements.

Can a government client witness the destruction?

Yes. Customer-witnessed destruction is available at your facility through our mobile shredding service, or you can send a representative to witness destruction at our facility. The witness signs the Certificate of Destruction with printed name, signature, and timestamp. Independent third-party witnessing is also available when required by your audit or insurance program.

What destruction methods do you use for government media?

We use shredding for HDDs (≤25 mm particle size), shredding for SSDs and flash media (≤2 mm particle size), and degaussing followed by shredding for magnetic backup tapes. Each method maps to the NIST SP 800-88 r1 Destroy category for the specific media type. The method used for each asset is recorded on the Certificate of Destruction.

Do you conform to IRS Pub 1075 §9.4 for FTI destruction?

Yes. Our shredding methods (HDD to ≤25 mm, SSD to ≤2 mm) and tape degaussing-plus-shred are the destruction methods listed in IRS Pub 1075 §9.4.7 Table 9-1. The destruction method used for each asset is recorded on the Certificate of Destruction, with a Pub 1075 conformance note when FTI-handling assets are present in the job.

Can you handle a multi-agency consolidation or data-center decommissioning?

Yes. Multi-agency consolidations and data-center decommissionings use our enterprise workflow: agency-by-agency scheduling, palletized pickup with agency-coded labels, per-agency chain-of-custody manifests, and a master Certificate of Destruction with agency-level line items. Past projects have moved over 6,000 drives across 12+ agencies in a single fiscal-year consolidation.

How does your process satisfy a state legislative performance audit?

Our Certificate of Destruction and chain-of-custody log include every line item a state performance auditor reviews: asset tag, serial number, destruction method (NIST 800-88 r1 category), date and time, witness name and signature, operator identification, and chain-of-custody reference. The audit-ready format has been accepted in performance audits across multiple state governments.

Do you provide separate documentation for CJIS-controlled assets?

Yes. When the asset inventory contains CJIS-controlled media, those assets are flagged on the chain-of-custody log and a separate CJIS conformance memo is attached to the Certificate of Destruction. The memo references CJIS Security Policy §5.8.3 and the destruction method applied.
