Why are Data Erasure Certifications & Third-Party Validations So Important?

Jul 23, 2021 Blog Article

Global certifications showcase our software’s ability to meet the needs of even the most highly regulated industries and organizations. Validations work differently. Below, we compare the two and explain why they matter.

Vivian Cullipher Vivian is a career writer and editor, having covered technology-related topics for government and B2B organizations since before LinkedIn and the iPhone. As Blancco’s communications and content manager, she supports the development of thought-leadership-based copy for web, social media, and other Blancco communication channels.

Data and Security Certifications vs. Validations: What’s the Difference?

At Blancco, we talk a lot about our global certifications and third-party validations of our products. But we also understand that the world of compliance, approvals, standards, and certifications can be confusing for those who don’t work in legal and compliance roles. This post will help you understand the importance of both data erasure certifications and third-party validations and the role they play in choosing a data erasure software solution. We’ll also cover the difference between data erasure certifications and data erasure standards.

The Importance of Data Erasure Certifications

Data erasure product certifications aren’t easy to achieve. That’s why Blancco is so proud to be the most certified data erasure software provider globally.

By its very definition, product certification endorses our products’ effectiveness by subjecting them to independently-validated quality and performance tests. It is the strongest possible indicator of the quality within the product and the environment in which it’s developed. To earn a certification, an organization must meet compliance with specific industry standards and/or data privacy/security regulations.

Global Software Certifications

We have earned the following global certifications for our software-based data erasure:

Awarding Body Description  
Common Criteria LogoCertified for Common Criteria (ISO 15408) 
Common Criteria is an internationally recognized independent security certification recognized by governments in 31 countries across Europe, Australasia, Asia and North America. Blancco 6.9.1 and Blancco File Eraser are Common Criteria certified. 
ANSSI 
Blancco is certified by ANSSI (French National Cybersecurity Agency) as fully compliant with all certification requirements, the only data erasure software provider to be certified at this level by the French governing body. The ANSSI evaluation encompasses erasure of both HDDs and SSDs. 
DCSSICentral Information Systems Security Division 
Blancco is certified and recommended by the DCSSI (Central Information Systems Security Division under the authority of the French General Secretary for National Defense). Blancco is the only certified data erasure solution in France. 
BSI – Federal Office for Information Security 
Blancco is certified by the Federal Office for Information Security (BSI), also known as the German Information Security Agency (GISA). The approved version fulfills the stringent security requirements of the BSI guidelines for classified documents and has been audited by the TÜV SÜD. 
NYCE 
Blancco’s data erasure software is approved and certified in accordance with NYCE Mexican standards for development. As a result, Blancco’s methods of erasure have been evaluated and deemed to be in compliance with the criteria established by the INAI Guide to secure data deletion.
Netherlands National Communication Security Agency 
The Dutch National Signals Security Bureau (NBV), part of the General Intelligence and Security Service of the Netherlands that promotes the protection of government information, has approved Blancco 5 for erasing HDDs and SSDs. 
The Polish Internal Security Agency 
The ABW, revered as the Polish special service, is responsible for protection of the country’s internal security and its constitutional order. Blancco is the only data erasure software certified by Polish authorities. 
Swedish Armed Forces 
Blancco is certified by the Swedish Armed Forces, providing our Scandinavian and Nordic customers with an absolute line of defense against security breaches. 
National Cyber Security Centre (NCSC) 
Blancco is certified by the National Cyber Security Centre, the UK Government’s National Technical Authority for Information Assurance. The Blancco product exceeded the highest security specifications detailed in the HMG Infosec Standard No: 5. 
*“Blancco 4” and “Blancco 5” have since been renamed “Blancco Drive Eraser.” Likewise, “Blancco Mobile Device Eraser” is now “Blancco Mobile Diagnostics & Erasure.”

These global certifications showcase our software’s ability to meet the needs of even the most highly-regulated industries (and organizations). Our tamper-proof certificates of erasure (which come with every erasure) are audit-ready and designed to help your organization meet compliance—no matter where your business is located.

(For more information on how data erasure certifications work in North America specifically, including the NIAP certification, please see our blog on the topic. As a quick overview, this certification is no longer offered in the United States, so any company that claims to have it is showcasing an outdated certification that is several years old and applies to an older version of its software. Therefore, it’s important that organizations always evaluate a vendor’s most current software, to ensure it is not only certified, but also third-party validated in its most current iteration.)

Third-Party Validations

Perhaps even more important than certifications, third-party validations confirm that data erasure software works as a vendor promises it does. At Blancco, these third-party approvals and recommendations allow our customers to trust that our products have been verified externally.

You don’t have to take our word that our products are the best; these trusted, impartial leaders in the data sanitization space have verified that for you.

Third-party validations must be renewed on a regular basis to stay current with new product updates. These approvals often prove standalone data erasure software solutions are superior to OEM hardware solutions, which sometimes include a data erasure component. OEM erasure solutions may not be certified or validated by external experts, and without this kind of proof of erasure, confidential company, customer, and PII data may be left behind.

To prove data sanitization, a data erasure solution must not only securely erase data, but also verify that erasure and produce an auditable, tamper-proof certificate of erasure to prove compliance with global regulations. OEM solutions typically do not offer this type of proof.

Global Software Approvals & Recommendations

Blancco has achieved the following third-party validations:

Awarding Body Description  
North Atlantic Treaty Organization (NATO)
Blancco’s data erasure products are recommended by NATO and included in the prestigious NATO Information Assurance Product Catalogue (NIAPC). Blancco worked closely with NATO to achieve this recommendation and inclusion in NIAPC, which is provided to NATO military partners and Partnership for Peace program members.
The Finnish Communications Regulatory Authority (TRAFICOM)
The Finnish Communications Regulatory Authority has approved Blancco erasure software for erasing data from hard drives and solid-state drives at security classification levels I-IV.
TÜV Saarland
TÜV Saarland officially endorsed Blancco’s erasure product based on the positive results found. TÜV Saarland found that Blancco’s software provides a reliable and effective mechanism to erase private data from mobile devices, removable media, LUNs, drives, as well as erases files and folders.
Asset Disposal & Information Security Alliance (ADISA)
The ADISA Research Centre is the test laboratory operated by ADISA Certification Limited where software overwriting products can have claims made about their effectiveness verified. Blancco’s SSD Erasure Method passed tests against ADISA Test Level I (attack using standard COTS forensic tools and techniques) and Test Level II (attack using standard intrusive/destructive testing tools designed to read data directly off of a chip) testing. Additionally, Blancco Mobile Device Eraser has been certified to sanitize data on mobile devices against ADISA Test Level I.*
*“Blancco 4” and “Blancco 5” have since been renamed “Blancco Drive Eraser.” Likewise, “Blancco Mobile Device Eraser” is now “Blancco Mobile Diagnostics & Erasure.”

Third-Party Endorsements

Awarding BodyDescription
OntrackOntrack
OnTrack, the global experts in data recovery, have officially recommended and endorsed Blancco Drive Eraser 6 as the best way to successfully erase data from HDDs and SSDs in servers, laptops and more.

Blancco has also earned other recognitions that attest to our own operations and our commitment to environmental sustainability through secure erasure that enables safe reuse of IT assets. You can view those recognitions on our certifications page as well.

Erasure Certifications vs. Standards

Data erasure certifications and data erasure standards are not the same. Data erasure standards (or erasure “algorithms”) are set by government agencies across the globe and refer to the way that a device is sanitized (for example, how many random overwrite passes must be completed to ensure erasure). These are different from certifications because any company can follow these guidelines, but it doesn’t mean that company has been certified by that government organization to meet its stringent requirements. Read our blog about the DoD wiping standard as an example.

To learn more about Blancco’s certifications, supported standards, and third-party validations, contact your existing Blancco representative, or reach out to a local team.


This content was originally published April 2018. It was most recently updated July 2021.