At Certus, we know that terms like certifications, accreditations, and compliance are often mentioned but not always clearly explained. That’s why we’ve started a new blog series to break these concepts down, showing what they mean, why they matter, and how Certus meets (and exceeds) the standards that keep your data safe.

We begin this series with one of the most respected global standards for secure data erasure: NIST SP 800-88 Rev. 1.

What Is NIST SP 800-88 Rev. 1?

In 2014, the National Institute of Standards and Technology (NIST) developed this guideline to define best practices for data sanitization. It is widely used by governments, enterprises, and IT service providers as the benchmark for secure data disposal.

The standard identifies three ways to sanitize data:

• Clear: Overwriting data to prevent basic recovery.
• Purge: Using advanced methods such as cryptographic erase, degaussing, Secure Erase, or Block Erase to make recovery impossible, even with sophisticated forensic techniques.
• Destroy: Physically destroy the medium (shredding, melting, incineration, etc.) so that recovery is completely impossible.

To achieve compliance, a solution must meet strict technical and procedural requirements that prove it can carry out these processes securely, consistently, and verifiably.

Why It’s Not Easy to Achieve

Becoming compliant with NIST SP 800-88 Rev. 1 is not something that happens overnight. Software providers must prove that their solutions erase data completely, consistently, and across a wide variety of devices. On top of that, the process has to be validated and documented.

It’s a demanding standard, and that’s exactly why organizations and regulators trust it. Many laws and industry frameworks, from GDPR in Europe to HIPAA in the US, reference NIST SP 800-88 as the benchmark for secure data disposal.

What It Means for Certus Customers

For Certus, compliance with NIST SP 800-88 Rev. 1 shows that our solutions deliver more than promises. We’ve been independently tested and validated against one of the world’s toughest standards, so you can be confident your data is erased permanently.

For customers, this means peace of mind: your organization reduces the risk of data breaches, stays aligned with global regulations, and can safely reuse or recycle devices knowing the data has truly been removed.

This is the first in our new series on certifications, accreditations, and compliance. Next time, we’ll dive into another important standard and explain what it means for your business.