NIST 800-88 aligned. R2 Certified downstream chain. Serialized certificates for every device.
Every retired laptop, server, backup tape, and SSD is a data breach waiting to happen. One misplaced drive can trigger HIPAA penalties, PCI DSS exposure, and breach-notification costs that dwarf the value of the equipment itself. Excess IT Hardware provides certified data destruction services for organizations that need to retire IT equipment without leaving recoverable data behind.
Five destruction methods, one workflow, full documentation. Every drive is scanned by serial number, processed under chain of custody, and matched to a certificate that holds up in a compliance audit. Methods are aligned with NIST Special Publication 800-88 (Clear, Purge, and Destroy categories). Output material is routed through an R2 Certified downstream chain. The technicians who perform the destruction work are HIPAA trained. EPA ID: FLR000269027.
Data destruction is not only about the final step of shredding or wiping. The process begins with controlled handling. Your team needs to know that devices are managed securely as soon as they are collected, consolidated, or removed from production.
Excess IT Hardware supports businesses that need structured IT equipment removal paired with secure destruction options. Whether your assets are being retired through a cleanout, refresh cycle, relocation, or decommissioning project, the goal stays the same: protect data first, then manage electronics responsibly.
Different policies require different methods. Some assets must be physically destroyed before they leave your facility. Others can be securely sanitized and resold to recover value. The right choice depends on your data sensitivity, your compliance framework, and whether you plan to recover residual hardware value.
Certified Data Erasure. Software-based sanitization aligned with NIST 800-88 Clear and Purge categories. Best when equipment still has resale or donation value. Verified erasure produces a serialized certificate per device. Recommended for laptops, desktops, and SSDs where reuse is part of your asset strategy.
On-Site Hard Drive Erasure. Same NIST 800-88 sanitization as our standard erasure service, but performed at your facility before drives leave your custody. Best for organizations whose internal policy or client SLAs require sanitization before transport.
On-Site Hard Drive Crushing. Physical destruction performed at your location using the NSA-listed Crunch 250 hard drive destroyer. Each drive is rendered unusable in seconds; output meets DIN 66399 H-3/E-1. Best for high-sensitivity environments and policies that require destruction before drives leave your dock.
Hard Drive Shredding. Industrial shredding that reduces drives to particles. Best for end-of-life drives, mass disposal projects, and policies that require irreversible destruction with no possibility of platter reconstruction. Output proceeds directly to the R2 Certified downstream chain.
Tape Shredding and Degaussing. Specialized handling for LTO, DLT, and legacy backup tapes. Degaussing erases magnetic data; shredding physically destroys the tape body. Best for organizations retiring archival backups or decommissioning a tape library.
Certificate of Recycling and Data Security. Every destruction project produces a serialized certificate documenting the method, the date, the technician, and the asset list. This is the artifact your compliance team and cyber insurer will request.
Method | Reversible? | Reuse possible? | On-site option? | NIST 800-88 category | Best for |
Certified Data Erasure | No (data gone) | Yes | Yes | Clear / Purge | HDDs and SSDs with residual value; reuse and resale programs |
On-Site Hard Drive Erasure | No | Yes | Yes (always) | Clear / Purge | Policies requiring sanitization before equipment leaves your dock |
On-Site Hard Drive Crushing | No (physical damage) | No | Yes (always) | Destroy | High-sensitivity HDDs; immediate physical destruction |
Hard Drive Shredding | No (particles) | No | Yes | Destroy | End-of-life drives; bulk projects; archival retention end |
Tape Shredding & Degaussing | No | No | Available | Purge (degauss) + Destroy (shred) | LTO/DLT backup tapes; archival magnetic media retirement |
Data destruction is the operational answer to a stack of regulatory requirements. Every method we offer maps to specific controls in the major frameworks.
NIST 800-88 is the federal standard for media sanitization and the framework most US organizations align to. It defines three categories: Clear (logical sanitization that resists keyboard attack), Purge (sanitization that resists laboratory attack), and Destroy (rendering the device unusable). Our erasure services align with Clear and Purge; our crushing, shredding, and tape destruction services align with Destroy.
Covered entities and business associates must implement policies for the disposal and reuse of electronic media containing electronic protected health information. Our HIPAA-trained technicians follow documented procedures, sign business associate agreements where applicable, and produce destruction certificates that map to your asset records.
Payment card industry data security standard requires that media containing cardholder data be destroyed when no longer needed for business or legal reasons. Our shredding and crushing services meet the standard’s “render data unrecoverable” test; our erasure services produce verifiable sanitization records.
Financial institutions and any business handling consumer reports must take reasonable measures to protect against unauthorized access during disposal. Documented destruction with a chain of custody is the defensible standard.
Defense contractors and public companies have additional documentation requirements. Our erasure software supports DoD 5220.22-M three-pass overwrite. Our destruction documentation supports SOX IT general controls audits.
Florida law and federal RCRA hazardous waste rules govern the disposal of electronic equipment containing heavy metals. Our chain of custody confirms responsible processing and zero-landfill disposition.
We work with regulated and high-sensitivity environments where data destruction is non-negotiable.
Hospitals, physician groups, dental practices, behavioral health, medical device companies, and clinical labs. HIPAA-trained technicians, BAA on file, and serialized certificates that satisfy OCR audits.
Banks, credit unions, wealth management, accounting firms, mortgage and title companies. Documentation supports GLBA, SOX, and state financial-data regulations.
Law firms, corporate counsel, professional services. Privileged and confidential client data destruction with chain of custody.
Municipal, county, and state agencies, K-12 districts, colleges and universities. NIST 800-88 alignment supports federal pass-through funding requirements.
DoD 5220.22-M sanitization, NSA-listed crushing, DFARS-aligned documentation.
Refresh cycles, lease returns, decommissioning, M&A divestitures, and site closures. Project-scale handling for thousands of devices with consolidated reporting.
Data destruction is not just the moment the drive is crushed. It is the entire path from your storage closet to the final certificate. Gaps anywhere in that path create the same exposure as no destruction at all.
Our chain of custody covers every handoff:
Every project produces a documentation package designed for compliance audits, vendor risk reviews, cyber insurance applications, and internal asset reconciliation.
Standard package includes: a serialized Certificate of Recycling and Data Security covering every processed device; an itemized asset list with serial numbers; the destruction method per device; the destruction date; and the EPA ID of the processing entity (FLR000269027). Online reporting access is also provided so your team can pull documentation any time without waiting for a request.
Data erasure is software-based sanitization that removes data from a drive while leaving the drive functional for resale or reuse. It aligns with NIST 800-88 Clear and Purge categories. Hard drive shredding is physical destruction that reduces the drive to particles. It aligns with NIST 800-88 Destroy. Choose erasure when equipment has resale value and your policy allows reuse after verified sanitization. Choose shredding when drives are end-of-life or your policy requires irreversible destruction.
On-site destruction is the right choice when your internal policy or client SLA requires that drives be destroyed before they leave your facility. It is common in healthcare, defense, financial services, and any environment with strict chain-of-custody requirements. On-site work is more expensive than off-site, but it eliminates the transport-leg risk entirely. We bring the equipment to you and provide a destruction certificate before we leave.
Excess IT Hardware operates as a HIPAA business associate when handling data-bearing equipment from covered entities. Our technicians are HIPAA trained, we execute business associate agreements as required, and our destruction documentation supports HHS Office for Civil Rights audits. Note that no company is “HIPAA certified” as an entity; HIPAA compliance is demonstrated through trained personnel, executed BAAs, documented procedures, and the certificates we produce per project.
Excess IT Hardware routes all material through an R2 Certified downstream chain for material recovery and zero-landfill disposition. R2 certification applies to the downstream processors in our chain of custody.
Our EPA ID is FLR000269027. The EPA ID confirms registration as a hazardous waste handler and is required documentation for organizations that need to demonstrate compliant electronic waste disposal under RCRA. It appears on every certificate we issue.
SSDs require different handling than spinning hard drives because their flash storage cannot always be fully sanitized by overwrite-based methods. Our standard SSD path is NIST 800-88 Purge using firmware-level sanitization commands, with destruction as the path for high-sensitivity SSDs where sanitization verification is not acceptable. We will recommend a method based on your data classification.
Every project produces a serialized Certificate of Recycling and Data Security listing each device by serial number, the destruction method used, the destruction date, the technician, and our EPA ID. You also receive online reporting portal access for ongoing reference. The package is designed to satisfy compliance audits, cyber insurance requirements, and internal asset reconciliation.
Yes. We coordinate destruction projects across multiple sites nationwide, with consolidated reporting that rolls up into one documentation set. Multi-site work typically combines on-site destruction at the highest-sensitivity locations with regional pickup and processing for the rest of the inventory.
Yes. LTO, DLT, and legacy backup tapes can be degaussed (which erases the magnetic data) and then shredded (which destroys the physical tape). Tape destruction is often missed during cleanouts because tapes look unimportant, but they frequently contain years of accumulated sensitive data and should be handled with the same rigor as hard drives.
Standard pickup scheduling is typically within one to two weeks. On-site projects with mobile destruction equipment require more lead time, generally two to three weeks for South Florida and three to four weeks for nationwide work. Urgent projects (data center site closure, M&A timeline, breach response) can often be expedited; call to discuss.
If you are retiring IT equipment, cleaning out storage, decommissioning hardware, or managing compliance obligations, Excess IT Hardware Data Destruction Services provide a secure, documented way to eliminate risk. Choose the destruction method that fits your policy, protect sensitive data before assets move forward, and close out your project with confidence. Contact Excess IT Hardware to request a quote, confirm the right destruction option, and schedule your next secure pickup.
Ready to schedule a project? Use our Schedule a Pickup form to start the intake. We will confirm scope, method, and pricing before any equipment moves.
Need to talk through method selection? Call (561) 600-8656, or talk to a specialist. We will help you map your data sensitivity and policy constraints to the right destruction method or method mix.
Evaluating providers? Review our compliance policy and process documentation so you can compare us against the other providers on your shortlist before you call.