As data volumes continue to skyrocket, projected to reach 221 zettabytes in 2026, and the average cost of a data breach remains over US $4.4 million, organizations face mounting pressure to ensure secure, consistent, and verifiable sanitization of information storage media (ISM) at end-of-life.
Ensuring a robust strategy for the secure handling and sanitization of your business's data at end-of-life is now more critical than ever. Equally important is partnering with third-party service providers who adhere to stringent standards, ensuring that confidential information remains protected and does not fall into unintended hands.
Navigating data protection involves addressing challenges such as country-specific regulations, economic feasibility, and legal obligations. With the release of NIST 800-88 Revision 2 (2025) and the introduction of the IEEE 2883-2022 standard, organizations now have a modernized framework for selecting sanitization processes that align with both current technology and regulatory expectations.
Contents
- What is Data Destruction?
- New Standards for a New Era
- What are the most widely adopted data destruction standards?
- What is NIST 800-88?
- What is IEEE 2883-2022?
- Why was IEEE 2883-2022 Required?
- Key Methods: Clear, Purge, and Destroy
- Key Features of IEEE 2883-2022
- What are the advantages of IEEE 2883-2022
- Conclusion
What is Data Destruction?
Data destruction is the process of deliberately, permanently, and irreversibly removing or destroying data stored on a memory device to make it irrecoverable. It is an essential step in preventing the recovery of sensitive information during device reuse, redeployment, recycling, or disposal.
Key considerations to include:
-
Future Use of Media: Will the media be reused, repurposed, redeployed, or destroyed?
-
Data Sensitivity: Higher risk, or highly confidential data requires more rigorous sanitization (typically Purge or Destroy)
-
Storage Technology: Different media types (e.g., HDDs, SSDs, optical discs, NVMe technology) behave differently and require specific sanitization techniques, now defined by IEEE 2883.
New Standards for a New Era
Advancements in data storage technology, such as the widespread adoption of solid-state drives (SSDs) and the development of more complex storage systems like NVMe, have made traditional data destruction methods less effective. These new technologies offer greater storage capacities and faster data retrieval, but they also present unique challenges in ensuring that data is completely and irreversibly erased.
To address these challenges:
NIST SP 800-88 r2 removed all technique level guidance. Instead NIST now instructs organizations to reference IEEE 2883-2022 for how to perform Clear, Purge or Destroy processes
IEEE 2883-2022 provide the technical guidance, including exact guidance for HDDs, SSDs, NVMe, flash memory, and hybrid devices, ensuring consistent execution across vendors and technologies.Data destruction standards are no longer only intended to address risk; they can also be aligned with your corporate goals to drive sustainability. Adopting the most up-to-date standards for data security opens additional opportunities to reuse even the newest technologies, improving value recovery and environmental outcomes.
What are the most widely adopted data destruction standards?
Today, the two leading global sanitisation frameworks are:
1. NIST SP 800-88 Revision 2 (2025)
Defines the sanitisation methods (Clear, Purge, Destroy) and the programmatic requirements for sanitisation.
2. IEEE 2883-2022
Defines the processes and device-specific technical steps to perform Clear, Purge, and Destroy on modern ISM.
Governments may also impose sector-specific requirements, but these two standards form the foundation of modern sanitisation.
What is NIST 800-88?
NIST SP 800-88 provides the framework, definitions, and governance elements for media sanitization. Revision 2 (r2) modernises the standard by:
-
Focusing on enterprise-wide sanitization programs
-
Removing all prescriptive wipe techniques
-
Adopting Clear, Purge, Destroy as the only sanitisation methods
-
Introducing the ISM (Information Storage Media) term
-
Directing organisations to IEEE 2883 for technical processes
Under r2, decisions must be risk-based, verifiable, and documented.
What is IEEE 2883-2022?
IEEE 2883-2022 provides the authoritative technical guidance for performing Clear, Purge, and Destroy processes on all modern storage technologies. It is a standard developed by the Institute of Electrical and Electronics Engineers (IEEE) to address the secure sanitization of data-bearing storage devices. Where NIST defines what needs to happen, IEEE defines how to do.
The IEEE Standard covers:
-
HDD sanitization processes
-
SSD and NVME-specific requirements
-
Cryptographic erase validation
-
Logical and physical sanitization processes
-
Verfication and sanitization reporting
-
Multi-namespace and multi-controller environments
-
Zone-based storage (ZNS, SMR)
-
TCG Opal subsystem requirements
Why Was IEEE 2883-2022 Needed?
The evolution of storage technologies, including the widespread adoption of solid-state drives (SSDs) and advancements in data recovery techniques, necessitated an update to existing data sanitization standards. IEEE 2883-2022 addresses these advancements by providing updated methods that ensure effective data destruction across modern storage devices.
Key Methods: Clear, Purge, and Destroy
Clear
Logical sanitization appropriate to the device type (ATA/SCSI/NVMe sanitize commands, overwrite processes, logical block removal) that protects against non-specialized data recovery.
IEEE 2883 details processes such as:
-
Vendor-specific ATA/SCSI/NVMe “sanitize” commands
-
Firmware-controlled overwrites
-
Logical clear operations including overwrites
Clear may be used when data protection requirements allow and the information storage media will remain in a controlled environment, for example being reused internally.
Purge
Robust sanitization that protects against laboratory-grade recovery (includes cryptographic erasures, NVM forma, block erase, sanitize commands)
IEEE 2883-defined Purge processes include:
-
Cryptographic Erase (CE)
-
NVMe “Format NVM” with crypto-erase
-
Physical block erase for flash memory
-
Secure vendor sanitisation sequences
Suitable for reuse externally or in different security environments.
Destroy
Physical sanitization rendering storage media unusable and meeting mandated particle size requirements
IEEE 2883 clarifies requirements for:
-
Disintegration
-
Pulverization
-
Shredding (with specific particle size requirements)
-
Melting or incineration
Key Features of IEEE 2883-2022
-
Full alignment with NIST 800-88 Revision 2 (link)
-
Technical detail for every major ISM type (HDD, SSD, NVMe, flash, SMR, ZNS)
-
Cryptographic erase processes and associated verification requirements
-
Verification & reporting requirements
-
Support for complex storage architectures (namespaces, controllers, zones)
-
Sustainable outcomes by enabling secure reuse whenever possible
What are the advantages of IEEE 2883-2022?
The IEEE 2883-2022 standard offers several advantages over NIST 800-88, particularly for enterprise environments:
- Enhanced Data Security: Aligned with current enterprise technologies.
- Improved Reuse Outcomes: Enables sanitization across all drive types, reducing destruction needs.
- Increased Value Recovery: More drives can be reused or resold, reducing total cost of ownership.
- Sustainability Benefits: Fewer drives destroyed, supporting circularity and reducing e-waste.
The Highest Standards of Data Protection
As your expert IT Asset Disposition (ITAD) partner, SK Tes can guide you through all the options.
We offer:
-
NIST 800-88r2-aligned Clear, Purge, and Destroy
-
IEEE 2883-compliant sanitization processes
-
Cryptographic Erasure (CE)
-
Secure chain of custody
-
Reuse-first lifecycle strategies
-
Global service delivery across 100+ countries
Our end-to-end processes ensure data is thoroughly erased to the highest international data destruction standards.
