What should a certificate of destruction include?

A proper certificate of destruction should include: your organization's name and address, complete inventory of destroyed devices with manufacturer/model/serial numbers, destruction method used (shredding, crushing, etc.), date and time of destruction, name and signature of responsible party, vendor's certification credentials (NAID AAA, R2), chain of custody documentation, and technician identification. STS provides all these elements in our certificates.

How long should I keep certificates of destruction?

Retention requirements vary by regulation. HIPAA requires retaining documentation for six years. PCI DSS and SOX have similar requirements. We recommend keeping certificates of destruction for at least seven years, and many organizations retain them indefinitely as part of their permanent compliance archives. Digital copies make long-term storage simple and ensure accessibility during audits.

Why do I need serial numbers on my certificate of destruction?

Serial numbers create a direct link between your IT asset inventory and the destruction record. This allows you to prove that specific devices containing sensitive data were properly destroyed. During audits, you can match serial numbers from your asset management system to your destruction certificates, demonstrating complete chain of custody from deployment to destruction.

What's the difference between a certificate of destruction and a certificate of recycling?

A certificate of destruction specifically documents that data-bearing devices were destroyed and data was rendered unrecoverable. A certificate of recycling documents that materials were processed through an environmentally responsible recycling program. For data security compliance, you need a destruction certificate. STS provides both—destruction certificates for data security and recycling documentation for environmental compliance.

Can I get a certificate of destruction for on-site shredding?

Yes, when you choose on-site hard drive shredding, you receive your certificate of destruction before our mobile destruction truck leaves your facility. This includes all standard documentation plus witness verification confirming you observed the destruction. On-site certificates provide immediate documentation with no waiting period.

What certifications should the destruction vendor have?

Look for NAID AAA certification, which specifically covers data destruction security through annual audits, employee background checks, and documented procedures. R2 certification covers environmentally responsible recycling. A vendor's certification credentials should appear on your certificate of destruction to document due diligence. STS maintains both NAID AAA and R2 certifications.

How do certificates of destruction help during audits?

Certificates of destruction provide documented proof that your organization properly disposed of sensitive data. During HIPAA, PCI DSS, SOX, or other compliance audits, you can produce certificates showing: what was destroyed, when it was destroyed, how it was destroyed, who performed the destruction, and the vendor's qualifications. This documentation demonstrates due diligence in data protection.

Do you provide electronic copies of certificates?

Yes, STS provides both physical and electronic copies of all destruction certificates. Digital certificates are delivered via secure email and can be easily stored in your document management system for quick retrieval during audits. Electronic records also provide backup protection against physical document loss.

What destruction methods are documented on the certificate?

Our certificates specify the exact destruction method used: physical shredding for hard drives and SSDs (with particle size notation), degaussing for magnetic media where applicable, and crushing for specific applications. The method documentation confirms that appropriate destruction was performed for the media type, meeting NIST 800-88 guidelines.

Certificate of Destruction Services | Data Destruction Documentation | STS

Certificate of Destruction Services

Detailed destruction documentation for hard drives, SSDs, and electronic media. Every certificate includes complete device inventory with serial numbers, destruction method, date/time, chain of custody, and our NAID AAA certification credentials—ready for any compliance audit.

✓Serial Number Tracking

✓Chain of Custody Documentation

✓Audit-Ready Format

Request Documentation

(800) 767-8798 Call Now Got Questions? Email Us

Apply Now

Audit Documentation

What Is a Certificate of Destruction?

A certificate of destruction (COD) is the official documentation that proves your data-bearing devices have been permanently destroyed. It's the audit trail compliance officers need to demonstrate proper data disposal.

Your Proof of Compliance

When auditors ask how you disposed of hard drives containing sensitive data, your certificate of destruction provides the answer. It documents exactly what was destroyed, when it was destroyed, how it was destroyed, and who performed the destruction.

Without proper destruction documentation, you cannot prove compliance with HIPAA, PCI DSS, SOX, GLBA, or other data protection regulations. A certificate of destruction from a certified vendor creates the audit trail you need.

STS provides certificates of destruction for every data destruction service—whether on-site at your facility or at our certified processing center.

Certificate of destruction documentation for hard drive and electronic media destruction

Complete Documentation

What's Included in Your Certificate of Destruction

Every STS certificate of destruction includes the documentation elements required for compliance audits across HIPAA, PCI DSS, SOX, and other regulatory frameworks.

Device Inventory

Complete listing of every destroyed device including manufacturer, model, and serial number. Links your asset inventory directly to the destruction record.

Manufacturer & Model
Serial Numbers
Device Count
Media Type

Destruction Details

Specific documentation of how each device was destroyed—shredding, crushing, or other approved methods—with verification that data is unrecoverable.

Destruction Method
Date & Time
Location (On-Site/Facility)
NIST 800-88 Compliance

Vendor Credentials

Our NAID AAA and R2 certification credentials appear on every certificate, documenting your due diligence in vendor selection for audit purposes.

NAID AAA Certification
R2 Certification
Technician ID
Authorized Signature

Request Sample Certificate About Our Certifications

Serial number tracking for hard drive destruction certificate documentation

Why Serial Number Tracking Matters

Serial numbers create a direct, verifiable link between your IT asset inventory and your destruction records. When an auditor asks about a specific device that contained sensitive data, you can match the serial number from your asset management system to your certificate of destruction.

This complete chain of documentation—from device deployment to data destruction—demonstrates that you maintained proper custody of sensitive data throughout the device lifecycle. Without serial number tracking, you cannot prove specific devices were properly destroyed.

Asset Tracking

Match to your inventory

Complete Chain

Deployment to destruction

Documentation Standards

AUDIT-READY CERTIFICATES

Every certificate of destruction from STS Electronic Recycling meets the documentation requirements for HIPAA, PCI DSS, SOX, GLBA, and other regulatory frameworks.

Get Certified Destruction →

100%

Serial Tracking

NAID

AAA Certified

Digital

& Physical Copies

Same

Day for On-Site

How Long Should You Keep Certificates of Destruction?

Retention requirements vary by regulation. Here are the minimums—but many organizations retain destruction records indefinitely.

HIPAA

6 Years

From date of creation or when last in effect

PCI DSS

1+ Year

Minimum; longer recommended

SOX

7 Years

For audit workpapers

Best Practice

7+ Years

Or indefinitely

Pro Tip: STS provides both physical and digital copies of all certificates. Digital records make long-term storage simple and ensure quick retrieval during audits—even years later.

Complete Coverage

Electronic Media We Document

Certificates of destruction are provided for all electronic storage media types processed through our NAID AAA certified facility.

Hard Drives & SSDs

Other Electronic Media

Backup Tapes (LTO, DLT, DAT)
USB Flash Drives
Mobile Devices & Tablets
Network Equipment
Optical Media (CD/DVD)

On-Site Destruction: Certificate Before We Leave

When you choose on-site hard drive shredding, you receive your certificate of destruction immediately—before our mobile destruction truck leaves your facility. No waiting, no delays.

On-site certificates include witness verification confirming you observed the destruction, adding an extra layer of documentation for organizations with strict compliance requirements.

On-site hard drive destruction with immediate certificate of destruction

On-Site Destruction

Certificate before we leave
Witness verification included
Data never leaves your facility

Facility Destruction

Certificate within 24-48 hours
Chain of custody documentation
Same comprehensive documentation

Common Questions

Certificate of Destruction FAQ

Answers to common questions about data destruction documentation

What is a certificate of destruction?

A certificate of destruction is official documentation verifying that data-bearing devices have been permanently destroyed. It includes device inventory with serial numbers, destruction method, date/time, chain of custody, and vendor certification credentials—proving compliance with data protection regulations.

How long should I keep certificates?

HIPAA requires six years, SOX requires seven years, and PCI DSS requires at least one year. We recommend keeping certificates for a minimum of seven years. Many organizations retain them indefinitely as permanent compliance records.

Why do I need serial numbers?

Serial numbers create a direct link between your IT asset inventory and destruction records. During audits, you can match serial numbers from your asset management system to your certificates, proving specific devices containing sensitive data were properly destroyed.

Do you provide digital copies?

Yes, STS provides both physical and digital copies of all certificates of destruction. Digital records are delivered via secure email for easy storage in your document management system and quick retrieval during audits—even years later.

Need Audit-Ready Destruction Documentation?

Every STS data destruction service includes a detailed certificate of destruction with serial numbers, chain of custody, and our NAID AAA certification credentials. Request a sample or schedule destruction services.

Request Sample Certificate Call (800) 767-8798

Serial Number Tracking

Every device documented with full details

NAID AAA Certified

Third-party verified destruction

Audit-Ready Format

Meets all regulatory requirements