A wiped drive can still be a liability. Re-mapped sectors, controller cache, hidden firmware areas, and degraded SSD blocks can survive software erasure if the procedure is not perfect. For end-of-life drives, encrypted devices with lost keys, drives that fail wipe verification, or any media holding regulated data, software is not the right tool. Physical destruction is.
Hard drive shredding turns the storage media into fragments small enough that data reconstruction is no longer realistic. It is the most defensible end-of-life decision for HDDs, SSDs, hybrid drives, tape cartridges, and any media storing protected data. When auditors ask how the drive was destroyed, you need an answer that holds up under scrutiny: serialized chain of custody, a certified shred size, and a documented method that aligns with NIST 800-88 and DIN 66399.
Most providers offer one mode. Excess IT Hardware offers two, and the right choice depends on your policy, your timeline, and your appetite for chain-of-custody risk.
On-Site Mobile Shredding | In-Facility Witnessed Shredding |
We bring the shredder to your address. Drives never leave your physical control. Destruction happens at your loading dock, server room, or secure conference room while your team observes. | Drives are sealed at your site under chain of custody, transported to our West Palm Beach facility, and shredded in front of your team in person or via live video witness, with serialized verification. |
Best for: regulated industries, high-volume projects (50+ drives), and policy environments where drives cannot leave the building before destruction. | Best for: smaller batches, mixed media types, multi-site programs, and clients who want lower per-drive cost without giving up witnessed destruction. |
Hard drive shredding is rarely just “we want to destroy a drive.” It is almost always tied to a regulation, an audit, or a contractual obligation. Excess IT Hardware shredding aligns with the destruction requirements of:
For a deeper look at the documentation that supports each of these frameworks, review our certificate of recycling and data security page.
DIN 66399 is the global standard for media destruction security. The higher the level, the smaller the fragment, and the harder it is to recover any data. Excess IT Hardware operates at the levels that match real-world compliance needs.
Media | Level | Particle Size | Use Case |
Traditional HDD | DIN H-4 | 18mm | HIPAA, GLBA, SOX, PCI DSS, FACTA-eligible destruction for hard disk drives. |
Solid State Drive | DIN E-3 | 9mm | SSDs require finer shred sizes because data lives across small flash chips. The 9mm size addresses that physics. |
HDD via Crusher | DIN H-3 | Crushed platter | Verity Systems Crunch 250 crushing for projects where complete shredding is not required. |
SSD via Crusher | DIN E-1 | Crushed | Crushing path for SSDs at lower security levels, often combined with shredding for layered destruction. |
If your policy demands the deepest possible destruction, we can stack methods: crush plus shred for HDDs, or shred-then-degauss workflows for tape media. See the full set of options on our data destruction services hub.
Many organizations choose on-site hard drive shredding because it removes the biggest weak point in data disposal: the gap between pickup and destruction.
Excess IT Hardware’s nationwide pickup page highlights on-site hard drive shredding as a secure option, along with chain of custody documentation so you know what items left your facility.
If you operate in a regulated environment, on-site shredding can simplify internal approvals because destruction happens at your location, on your schedule, under your oversight.
Drive destruction projects rarely happen in isolation. They are usually part of a server refresh, a leased equipment return, an office closure, a data center decommissioning project, or a regulator-driven response. Our shredding workflow is built for those operational realities, not for a checkbox.
That means staged collections from multiple departments. Mixed media types in one project (HDDs, SSDs, tape, USB drives, mobile devices). Serial-level inventory tracking with reconciliation against your asset management system. Clean closeout documentation that finance, IT, and legal can all sign off on. And destruction that fits inside the project timeline, not the other way around.
A good vendor tells you when shredding is overkill. If your drives are in good working order and you want to recover residual value, software-based sanitization may be the better path. We support that decision through certified data erasure with verification logs, then route the cleared drives back into resale rather than destruction.
If your project mixes drives that should be wiped with drives that must be destroyed, we run both tracks under one project. See our certified data erasure service for the wipe-first workflow, or our on-site hard drive crushing service if crushing better fits your policy.
Excess IT Hardware is headquartered in West Palm Beach, FL, and operates a hard drive shredding program that covers South Florida directly and the rest of the United States through our nationwide pickup network. Whether you are shredding 10 drives in Boca Raton or 5,000 drives across a multi-state portfolio, the workflow stays the same: serialized intake, certified destruction, documented closeout. There are no separate vendors to coordinate, no broken chain of custody between sites, and no inconsistent documentation across regions.
HIPAA does not specify a particular shred size. It requires that destruction render protected health information unable to be retrieved, which is a functional standard. The widely accepted benchmark across regulated industries is DIN 66399 Level H-4 for traditional hard drives, which produces 18mm fragments. For solid state drives, DIN 66399 Level E-3 at 9mm or smaller is the standard because flash memory chips are physically smaller than HDD platters and require finer particle sizes to prevent reconstruction. PCI DSS Requirement 9.8 follows similar logic, asking that media be destroyed so cardholder data cannot be reconstructed. Excess IT Hardware shreds traditional drives to 18mm and SSDs to 9mm, which satisfies both standards and the destruction requirements of HIPAA, GLBA, SOX, and FACTA.
Yes. On-site hard drive shredding means a mobile shred unit comes to your physical address and destroys drives at your loading dock, server room, or secure space while your team watches. The advantage is that drives never leave your facility intact, which closes the chain-of-custody gap that exists when sealed drives are transported to a destruction facility. For organizations with strict internal policies, regulated client contracts, or a compliance officer who requires witnessed destruction, on-site shredding is often the simpler answer for sign-off. That said, in-facility shredding with witnessed destruction is equally defensible for most audits, costs less per drive, and works better for smaller batches. Excess IT Hardware offers both. The right choice depends on your project size, your policy, and your audit profile.
Yes, and this is one of the most overlooked details in IT asset destruction. Traditional hard drives store data on spinning magnetic platters. Once those platters are physically broken into fragments, the data cannot be reconstructed. Solid state drives store data on small NAND flash chips that are scattered across the drive, often only a few millimeters in size. Shredding an SSD to the same particle size as an HDD can leave intact flash chips inside the fragments, and intact chips can theoretically be read with specialized equipment. That is why SSDs require a smaller shred size. Excess IT Hardware shreds SSDs at DIN 66399 Level E-3 (9mm) compared to the 18mm size used for HDDs, which destroys the flash chips themselves rather than just the housing. If a vendor cannot tell you the difference between HDD and SSD shred levels, that is a red flag worth questioning.
A defensible certificate of destruction includes the date of destruction, the destruction method (shredding, crushing, or both), the destruction standard met (such as NIST 800-88 Destroy or DIN 66399 H-4), the serial numbers or asset tags of every drive destroyed, the witness or operator who supervised the destruction, the company name and address where destruction occurred, and a unique certificate identifier that ties back to your project. Generic certificates that only show a date and a vendor logo are not enough for a real audit. Excess IT Hardware issues a serialized certificate of recycling and data security with each project, which means every drive is accounted for by serial number and the destruction event is uniquely identifiable. This is the documentation auditors, regulators, and client risk reviews actually expect.
Shredded materials are not waste. They are a mix of metal alloys, plastics, and circuit board fragments that need to be processed responsibly so the destruction project does not create a downstream environmental issue. Excess IT Hardware routes shredded materials through certified downstream recyclers consistent with a zero-landfill policy. Aluminum and steel from drive housings are recovered for material reuse. Circuit board components are processed for precious metal recovery (copper, gold, palladium). Plastics are separated and recycled where commodity markets allow. The end result is that one project completes both your data security obligation and your responsible-disposal obligation under EPA e-waste guidelines and any state-level e-waste laws that apply to your operations.
If your organization needs irreversible destruction of HDDs, SSDs, tape, or mixed media, Excess IT Hardware Hard Drive Shredding gives you a defensible answer for every audit, every regulator, and every internal review. Request shredding as a standalone service or bundle it into a larger ITAD project so your team gets one workflow, one pickup schedule, and one serialized certificate covering everything.
Request a hard drive shredding quote online or call (561) 600-8656 to talk to a specialist.
