A certificate of destruction or CoD is a document that states receipt and destruction of confidential data.
Certificates of Destruction are issued by service providers as a statement of the completion of the destruction of electronics, documents, hard drives, and other data containing media.
Most certificates of destruction will include the address, client name, date of service, service provider's name, corresponding manifest, signature of agent, company logo or letterhead, method of destruction, and legal statement confirming the scope of work performed.
A service provider's certificate of destruction is a self-issued document and does not necessarily mean the provider holds any third party certifications or that the service provider's processes, quality, or security practices have been audited or regulated in any way.
Many companies that dispose of confidential data archive certificates of destruction from service providers to satisfy regulatory and audit requirements. Specific attributes of a certificate of destruction can be defined by an organization's security and management program requirements.
Certificates of destruction should not be considered "proof" of destruction. A certificate of destruction is typically a single component of a larger data protection program that can satisfy regulatory requirements. Certificates of destruction do not eliminate a data controller's requirements to perform due diligence when selecting downstream vendors.
Can't find what you're looking for?Ask us here and we will be in touch within one business day.