At Blancco, we talk a lot about our global certifications and 3rd party validations of our products. But we also understand that the world of compliance, approvals, standards and certifications can be confusing for those who don’t work in legal and compliance roles. This document will help you understand the importance of both data erasure certifications and third-party validations and the role they play in choosing a data erasure software solution. We’ll also cover the difference between data erasure standards and data erasure certifications.
The Importance of Data Erasure Certifications
Data erasure product certifications aren’t easy to achieve. That’s why Blancco is so proud to be the most certified data erasure software provider globally. By its very definition, product certification endorses our products’ effectiveness by subjecting them to independently-validated quality and performance tests. It is the strongest possible indicator of the quality within the product and the environment in which it’s developed. To earn a certification, an organization must meet compliance with specific industry standards and/or data privacy/security regulations. Blancco has the following global certifications:
Blancco’s data erasure software is approved and certified in accordance with Mexican standards for development. As a result, Blancco’s methods of erasure have been evaluated and deemed to be in compliance with the criteria established by the INAI Guide to secure data deletion.
|Netherlands National Communication Security Agency
The Dutch National Signals Security Bureau (NBV), part of the General Intelligence and Security Service of the Netherlands that promotes the protection of government information have approved Blancco 5 for erasing HDDs and SSDs.
|National Cyber Security Centre (NCSC)
Blancco is certified by the National Cyber Security Centre (NCSC), the UK Government’s National Technical Authority for Information Assurance. The Blancco product exceeded the highest security specifications detailed in the HMG Infosec Standard No: 5.
|The Federal Service for Technical and Export Control (FSTEC)
The Federal Service for Technical and Export Control (FSTEC) of Russia implements national policy for information security and protection of sensitive information. Blancco has been awarded a certificate from FSTEC confirming the software’s compliance with a range of technical requirements, including the validation of its security functions.
|BSI – Federal Office for Information Security*
Blancco is certified by the Federal Office for Information Security (BSI), also known as the German Information Security Agency (GISA). The approved version fulfills the stringent security requirements of the BSI guidelines for classified documents and has been audited by the TÜV SÜD.
|Certified for Common Criteria (ISO 15408)
Common Criteria is an internationally recognized independent security certification recognized by governments in 26 countries across Europe, Australasia, Asia and North America. Blancco 5 and Blancco File Eraser are Common Criteria certified.
|Swedish Armed Forces
Blancco is certified by the Swedish Armed Forces, providing our Scandinavian and Nordic customers with an absolute line of defense against security breaches.
|Central Information Systems Security Division
Blancco is certified and recommended by the DCSSI (Central Information Systems Security Division under the authority of the French General Secretary for National Defense). Blancco is the only certified data erasure solution in France.
|ABW||The Polish Internal Security Agency
The ABW, revered as the Polish special service, is responsible for protection of the country’s internal security and its constitutional order. Blancco is the only data erasure software certified by Polish authorities.
These global certifications showcase our software’s ability to meet the needs of even the most highly-regulated industries (and organizations). Our tamper-proof Certificates of Erasure (which come with every erasure) are audit-ready and designed to help your organization meet compliance—no matter where your business is located. (For more information on how data erasure certifications work in North America specifically, including the NIAP certification, please see our blog on the topic). As a quick overview, this certification is no longer offered in the United States, so any company that claims to have it is showcasing an outdated certification that is several years old and applies to an older version of its software. Therefore, it’s important that organizations always evaluate a vendor’s most current software, to ensure it is not only certified, but also third-party validated in its most current iteration.
Perhaps even more important than certifications, third-party validations confirm that data erasure software works as a vendor promises it does. At Blancco, these validations allow our customers to trust that our products have been verified externally. You don’t have to take our word that our products are the best; these trusted, nonpartial leaders in the data sanitization space have verified that for you.
Third-party validations must be renewed on a consistent basis to stay current with new product updates. These validations often prove standalone data erasure software solutions are superior to OEM hardware solutions, which sometimes include a data erasure component. These solutions may not be certified or validated by external experts, and without this kind of proof of erasure, confidential company, customer and PII data may be left behind. To prove data sanitization, a data erasure solution must not only securely erase data, but also verify that erasure and produce an auditable, tamper-proof Certificate of Erasure report to prove compliance with global regulations. OEM solutions typically do not offer this type of proof.
Blancco has achieved the following 3rd party validations:
Global Approvals and Recommendations
|Asset Disposal & Information Security Alliance (ADISA)
The ADISA audit process is multi-layered and includes full audits, unannounced operational audits and forensic audits. Blancco’s SSD Erasure Method passed both Level I (attack by a threat adversary using standard COTS forensic tools and techniques) and Level II (attack by a threat adversary using standard intrusive/destructive testing tools designed to read data directly off a chip) testing. Additionally, Blancco Mobile Device Eraser has been certified to sanitize data on mobile devices against ADISA risk Levels I and II.
|NSM||The Norwegian National Security Authority
The Norwegian National Security Authority (NSM) approved Blancco to securely erase hard disks intended for declassification and release for commercial use. Blancco software is approved to erase at both Restricted and Confidential levels.
|The Defence INFOSEC Product Co-Operation Group of the UK**
The Defence INFOSEC Product Co-Operation Group (DIPCOG) has approved the Blancco HMG, File, LUN and Mobile solutions for use in the Ministry of Defense and UK Government departments. Due to the high standards set forth by the Ministry of Defense, special security specifications were set based on CESG’s standards. Blancco currently holds the highest number of DIPCOG approvals of any data erasure software company in the UK, and offers the only DIPCOG approved products for selective data erasure, mobile erasure and LUN erasure. Additionally, the UK Ministry of Defense highly recommends our solutions.
TÜV Saarland officially endorsed Blancco’s erasure product based on the positive results found. TÜV Saarland found that Blancco’s software provides a reliable and effective mechanism to erase private data from mobile devices, removable media, LUNs, drives, as well as erases files and folders.
|The Finnish Communications Regulatory Authority
The Finnish Communications Regulatory Authority (FICORA) has approved Blancco erasure software for erasing data from hard drives and Solid State Drives at security classification levels I-IV.
Blancco’s data erasure products are recommended by NATO and included in the prestigious NATO Information Assurance Product Catalogue (NIAPC). Blancco worked closely with NATO to achieve this recommendation and inclusion in NIAPC, which is provided to NATO military partners and Partnership for Peace program members.
OnTrack, the global experts in data recovery, have officially recommended and endorsed Blancco Drive Eraser 6 as the best way to successfully erase data from HDDs and SSDs in servers, laptops and more.
Erasure Standards vs. Certifications
Data erasure certifications and data erasure standards are not the same. Data erasure standards (or erasure “algorithms”) are set forth by government agencies across the globe and refer to the way that a device is sanitized (for example, how many random overwrite passes must be completed to ensure erasure). These are different from certifications because any company can follow these guidelines, but it doesn’t mean that company has been certified by that government organization to meet its stringent requirements. Read our blog about the DoD wiping standard as an example.
To learn more about Blancco’s certifications, supported standards and third-party validations, contact your existing Blancco representative, or reach out to a local team.
* Certification update in progress
** UDPATE: The DipCog group has been disbanded and will be re-branded as DyCips. Once this new authority is up and running we will be able to move our existing certifications across and obtain new certifications on our new products. Our DipCog accreditation is still valid at this time, and Blancco continues to monitor this situation.