Across the data‑destruction industry, Certificates of Data Destruction are routinely treated as proof that data is gone. In reality, most certify only that a process was executed.
They do not warrant that data is irretrievable.
That distinction is not semantic. It determines where liability sits when data believed to be destroyed is later recovered.
Most destruction software is supplied AS IS. Vendors do not warrant the outcome, do not guarantee correctness, and explicitly exclude or cap liability for data loss in their licence terms. Certificates are issued, but responsibility for the result remains with the ITAD and, ultimately, the Data Controller.
In practical terms, a certificate does not transfer risk.
- It does not protect the ITAD.
- It does not protect the client.
If data resurfaces, the existence of a certificate does not change that position.
This is not a misunderstanding or a rare edge case. It is how the industry is structured. Compliance language is used, but outcome responsibility is avoided. Risk is not transferred – it is obscured.
We Chose a Different Position
Where a Data Safe Solutions Certificate of Data Destruction records successful completion, we warrant that the data on the identified device has been rendered irretrievable in accordance with NIST SP 800‑88 Rev 1.
Where destruction is not successful, the certificate records an attempt only – and no warranty applies.
This is made possible by the Smart Wipe Engine, which automatically identifies the storage device and enforces the correct destruction method for that device. Method selection and execution are enforced at the engine level, removing operator judgement and configuration risk.
Independently Proven. Explicitly Scoped. NVMe Included.
This is made possible by the Smart Wipe Engine, which automatically identifies the storage device and enforces the correct destruction method for that device. Method selection and execution are enforced at the engine level, removing operator judgement and configuration risk.
Independently Proven. Explicitly Scoped. NVMe Included.
Our position is independently validated through ADISA Product Assurance at Level 5, with explicit scope across modern storage media, including NVMe.
Most NVMe certificates issued today still demonstrate only that a process was run. They do not prove irretrievability. The gap is bridged with caveats, exclusions, and disclaimers. That model relied on one assumption: that nobody would ask the next question.
That question is now being asked:
Was data destruction independently proven, or did the software simply report success?
Either independent Product Assurance with the relevant media explicitly in scope can be evidenced, or it cannot.
Primary Evidence
The documents below show exactly what Data Safe Solutions warrants – and what has been independently proven.
Our Certificates
