Data erasure no longer ends when a device is wiped. For organizations operating in highly regulated environments, proof has become just as important as the erasure itself. Regulators, auditors, customers, and partners increasingly require clear evidence that data has been permanently erased in line with recognized standards.

The EU Cyber Resilience Act alters how organizations handle digital product security throughout their lifecycle. Though effective from December 2024, its impact peaks in 2026, especially for those involved in IT asset reuse and decommissioning. At that stage, expectations will shift from policy preparation to demonstrable risk reduction, highlighting the importance of effective data erasure.

Secure data erasure is essential, but understanding the actual condition of a device is just as critical. That’s why we’re proud to introduce Diagnostics as a new feature within our software for both computers and mobile devices. With our Diagnostics feature, organizations can assess, document, and report on the functional condition of devices before reuse, resale, or recycling, all within the same trusted Certus environment.

At Certus, we believe data erasure is a fundamental enabler of circular IT. Without absolute certainty that sensitive data is permanently removed, large-scale reuse of IT equipment simply isn’t possible. That’s why we’re proud to partner with Circular Computing. Together, we share a clear mission: enabling secure, compliant, and responsible IT reuse at scale, while reducing e-waste and the environmental impact of technology.

At Certus, we strive to simplify secure data erasure while providing the technical assurance you need. This week, we reached a significant milestone: Certus Erasure 4.0.0 has passed ADISA Product Assurance testing at Assurance Level 5, including NVMe erasure tests per IEEE 2883 and NIST 800-88 guidelines. This certification confirms the reliability of our methods and the trust our customers have in us.

In this edition of The Standards Behind Certus, we take a closer look at one of the most important regulations shaping how organizations manage personal data: the General Data Protection Regulation (GDPR). This blog explains what the GDPR is, how Certus supports GDPR-aligned data erasure, and what this means for your organization.

Q4 is always a unique moment in the business calendar. Budgets are being finalised, compliance checks are intensifying, and IT teams are pushing to close the year with a clean slate. Yet one critical area still gets postponed far too often: data erasure. If your organisation handles laptops, servers, mobile devices, or storage systems, Q4 isn’t a time to delay; it’s the time to act. Here’s why data erasure deserves a place on your end-of-year priority list:

At Certus, we see an alarming trend: while companies invest millions in cybersecurity, the most vulnerable link is often overlooked, the data on equipment leaving their premises. The hard drives and servers exiting your data center are a prime target for cybercriminals. In 2025, supply chain attacks are specifically targeting end-of-life IT assets. Here's how certified data erasure provides your ultimate defense.

In our latest video interview, CEO Ruud de Wildt sits down with Marketing Manager Debie Strijker to introduce Certus Software and share what drives the company forward.

IT environments are becoming more complex by the day, automation and integration are no longer a luxury, they’re a necessity. Organizations need solutions that fit effortlessly into their existing infrastructure, not tools that require them to rebuild their processes from scratch. That’s why one of the most powerful trends shaping the data erasure industry today is the move toward API-driven, automated workflows. 

Earlier this month, Google announced a shift from traditional disk erasure to encryption-based media sanitization, a process that destroys encryption keys to make data inaccessible. While this marks progress in data protection, it also highlights an important distinction: “Encryption hides data. Certified data erasure removes it, permanently.”

International standards are the foundation of secure and verifiable data erasure. In our series The Standards Behind Certus, we explore the frameworks that shape the way organizations protect sensitive information. This time, we focus on the IEEE standards and their role in data sanitization.

At Certus Software, we believe that contributing to a better world goes beyond technology. While our certified data erasure software helps organizations build a safer and more sustainable digital future, we also take pride in supporting initiatives that make a real difference in people’s lives.

We’ve just released a new whitepaper that explores how Certus partnered with a national government to tackle one of today’s biggest challenges: ensuring that data privacy is protected on a nationwide scale. The project led to an innovative solution allowing millions of people to permanently erase data from their devices in a safe, secure manner, fully compliant with international standards.

For years, physical destruction (shredding or crushing hard drives) was seen as the ultimate way to protect sensitive data. After all, if the drive is destroyed, the data must be gone, right But in 2025, a clear shift is taking place. TechRadar recently reported that enterprises are “ditching destruction for smart sanitization,” pointing out that shredding is expensive, environmentally damaging, and doesn’t always meet today’s compliance expectations (TechRadar, 2025).

Technology is evolving at a rapid pace. Stricter privacy regulations, rising cybersecurity risks, and new IT infrastructures mean that organizations must constantly adapt their processes. But technology alone is not enough. The success of secure data erasure ultimately depends on the knowledge and skills of the people carrying it out.

At Certus, we know that terms like certifications, accreditations, and compliance are often mentioned but not always clearly explained. That’s why we’ve started a new blog series to break these concepts down, showing what they mean, why they matter, and how Certus meets (and exceeds) the standards that keep your data safe.

We begin this series with one of the most respected global standards for secure data erasure: NIST SP 800-88 Rev. 1.

At Certus, we are committed to making certified data erasure accessible, understandable, and effective for organizations worldwide. With data security and sustainability becoming increasingly critical in every market, we are proud to announce our next step in global expansion: the opening of a new Certus office in Latin America.

Zero Trust is a crucial security strategy with the principle: never trust, always verify. No user, device, or system is automatically deemed safe; every action requires validation. While many organizations apply this to network access and identity management, what occurs when data reaches the end of its lifecycle?

When people think about data erasure, laptops, desktops, and servers usually come to mind. But what many organizations don’t realize is that a wide range of everyday devices also store sensitive information. These “forgotten” devices often slip through the cracks, creating hidden risks for data breaches.

A new report from Data Insights Market on the Cloud Computing Data Center IT Asset Disposition (ITAD) market forecasts strong growth in the years ahead. By 2025, the market is expected to reach $6.7 billion, with a projected annual growth rate of 10.5% through 2033. But what is driving this rapid expansion?

The Corporate Sustainability Reporting Directive (CSRD) is transforming the way European companies report on sustainability. Where ESG reporting was once mostly voluntary and fragmented, it is now mandatory, detailed, and subject to verification. For organisations with large IT infrastructures, this has direct implications for IT asset management and the way data is securely removed from equipment.

Companies spend millions to protect their networks, train employees, and secure the cloud. But there’s one blind spot that continues to cause real damage: what happens to data on devices after they’re decommissioned? If your data wiping isn’t secure, certified, and auditable — you’re not just facing a technical issue. You’re facing a financial risk.

Most organizations have made significant progress in protecting confidential data, using encryption, access controls, firewalls, and employee awareness training. But one area still tends to be neglected: what happens to data when a device reaches the end of its life? This overlooked phase can pose serious security and compliance risks, and CISOs are increasingly paying attention.