The Ticking Timebomb: Data Breach from Hardware End-Of-Life

November 20, 2018 at 3:54 pm by Heidi White

data-securityAs everyone in the industry knows, cybersecurity is a hot commodity these days. According to a definition by Techopedia, cybersecurity refers to preventative methods used to protect information from being stolen, compromised, or attacked. There are any number of ways to protect networks and data storage facilities from cyberattacks, and these methodologies are constantly evolving. Just as the flu virus mutates in reaction to vaccines, so do cybercriminals modify their nefarious behaviors in response to cybersecurity enhancements. Therefore, cybersecurity must constantly evolve, becoming more sophisticated and invasive. However, an often-overlooked area of cybersecurity leaves organizations susceptible to data breaches: hardware end-of-life.

Google-data-denter
Google Data Center, The Dalles, Oregon. Google data centers utilize SEM data destruction devices. Photo courtesy of Tony Webster.

As cloud storage continues to expand at an exponential rate, data centers are popping up all over the globe, and these gargantuan facilities are expected to safeguard the vast amount of data they store. It is now commonplace for data storage facilities to employ a Chief Security Officer (CSO) or a Chief Information Security Officer (CISO) in an effort to stay ahead of hackers and criminals. CSOs and CISOs ensure that data centers are secure and protected by implementing sophisticated products and services including password protection, anti-virus/anti-malware software, software patches, firewalls, two-factor authentication, and encryption methods, all of which come at an extremely high economic cost. According to the 2017 Official Annual Cybercrime Report sponsored by Herjavec Group, it is predicted that global spending on cybersecurity products and services will exceed $1 trillion over the five-year period of 2017 to 2021. Clearly, organizations understand the criticality of a comprehensive data security plan. So why is hardware end-of-life, which is relatively inexpensive in comparison to other cybersecurity spending, not part of this plan?

The answer is simple: a devastating breach has not yet occurred through drive recovery. But it’s only a matter of time.

Airmen from the 341st Communications Squadron at Malmstrom Air Force Base replace worn computer parts, destroy used hard drives, and check system functions as part of their daily operations. The US Air Force utilizes SEM IT destroyers. Photo courtesy Malmstrom Air Force Base.

While it is well understood that recovering files from failed and erased hard drives is relatively simple, much of the evidence in hard drive recovery is anecdotal. Students from various higher learning institutions including MIT and University of Vancouver have conducted studies that found drives sold on eBay to contain sensitive data. Criminals in Africa are well known to salvage old drives from landfills and mine the data for identity theft. Even NAID has conducted a study that found sensitive information on eBay drives. Even more alarming is Idaho Power Company learning that over one third of the drives they had contracted to be destroyed and recycled actually ended up on eBay – along with the sensitive, confidential company and employee data they contained. And there are myriad similar studies and evidence of data recovery from failed or erased drives.

So where is the public outrage and demand for more secure drive disposal? The reality is that there has not yet been a truly significant breach as a result of hardware end-of-life recovery. The NSA has long understood that hardware end-of-life leaves sensitive information vulnerable, and they have strict regulations in place for dealing with information disposal, from paper to optical media to hard drives. But many organizations seem to think that erasure, overwriting, or a quick drill to the drive is “good enough” — dangerous thinking that could not be more erroneous.

SEM’s line of hard drive destroyers eliminate data and meet regulatory requirements.

Truly security-minded organizations understand that the only way to ensure data security and privacy at hardware end-of-life is on-site drive destruction. And while some forward-thinking CSOs and CISOs have already implemented such measures, most have not. It is only a matter of time before a major (read: expensive) breach occurs as a result of end-of-life drive recovery, at which time the masses will demand an explanation as to why drive destruction had not been addressed in the first place. To which I will say, “I told you so.”

Inside Sales Representative / Jr. Account Manager

November 5, 2018 at 7:46 pm by Heidi White

Security Engineered Machinery Co., Inc. (SEM), a growing manufacturing and distribution company specializing in information security and destruction and headquartered in Westborough, MA, has an exciting opportunity for an Inside Sales Representative / Jr. Account Manager. This position offers base salary + commission.

Responsibilities and Duties

  • Act as inside sales supporting our customer base, regional reps, and channel management
  • Make outbound calls to cultivate and develop new business opportunities
  • Provide technical support / assistance to our customers and outside sales group
  • Provide order preparation
  • Prepare quotations to support our outside sales force
  • Document all activities in CRM
  • Provide details for new business opportunities
  • Interface with internal and external customers, exceeding expectations
  • Attend tradeshows, conferences and corporate events
  • Occasional travel to customers within territory

Qualifications and Skills

  • Must be motivated self-starter with strong attention to detail
  • Individual should possess a proactive approach in resolving opportunities with a “close the loop” mentality while working in a fast-paced environment
  • Superior oral and written communication skills including PC literacy are essential
  • Excellent troubleshooting skills
  • Must have the ability to organize and manage multiple tasks and projects effectively
  • Bachelor’s degree or equivalent experience
  • CRM experience a plus
  • Must be a US Citizen and be able to pass a background check
  • Must be able to work for any employer in the United States without sponsorship

Benefits

SEM offers an exciting participatory environment, competitive compensation, attractive benefits including medical, dental, 401K, paid time off, and profit sharing, and personal growth opportunities.

Please send resume, cover letter, and salary requirements to m.divirgilio@semshred.com.

US-CERT Issues Security Tip (ST18-005) on Proper Disposal of Electronic Devices

November 1, 2018 at 1:51 pm by Heidi White
Originally published by us-cert.gov on October 30, 2018

Why is it important to dispose of electronic devices safely?

US-CERT is a division of Homeland Security

In addition to effectively securing sensitive information on electronic devices, it is important to follow best practices for electronic device disposal. Computers, smartphones, and cameras allow you to keep a great deal of information at your fingertips, but when you dispose of, donate, or recycle a device you may inadvertently disclose sensitive information which could be exploited by cyber criminals.

Types of electronic devices include:

  • Computers, smartphones, and tablets — electronic devices that can automatically store and process data; most contain a central processing unit and memory, and use an operating system that runs programs and applications.
  • Digital media — these electronic devices create, store, and play digital content. Digital media devices include items like digital cameras and media players.
  • External hardware and peripheral devices — hardware devices that provide input and output for computers, such as printers, monitors, and external hard drives; these devices contain permanently stored digital characters.
  • Gaming consoles — electronic, digital, or computer devices that output a video signal or visual image to display a video game.

What are some effective methods for removing data from your device?

There are a variety of methods for permanently erasing data from your devices (also called sanitizing). Because methods of sanitization vary according to device, it is important to use the method that applies to that particular device.

Methods for sanitization:

Backing Up Data

Saving your data to another device or a second location (e.g., an external hard drive or the cloud) can help you recover your data if your device is stolen. Options for digital storage include cloud data services, CDs, DVDs, and removable flash drives or removable hard drives (see Using Caution with USB Drives and Protecting Portable Devices: Data Security for more information). Backing up your data can also help you identify exactly what information a thief may have been able to access.

Deleting Data

Removing data from your device can be one method of sanitization. When you delete files from a device—although the files may appear to have been removed—data remains on the media even after a delete or format command is executed. Do not rely solely on the deletion method you routinely use, such as moving a file to the trash or recycle bin or selecting “delete” from the menu. Even if you empty the trash, the deleted files are still on device and can be retrieved. Permanent data deletion requires several steps.

Computers. Use a disk cleaning software designed to permanently remove the data stored on a computer hard drive to prevent the possibility of recovery.

  • Secure erase. This is a set of commands in the firmware of most computer hard drives. If you select a program that runs the secure erase command set, it will erase the data by overwriting all areas of the hard drive.
  • Disk wiping. This is a utility that erases sensitive information on hard drives and securely wipes flash drives and secure digital cards.

Smartphones and tablets. Ensure that all data is removed from your device by performing a “hard reset.” This will return the device to its original factory settings. Each device has a different hard reset procedure, but most smartphones and tablets can be reset through their settings. In addition, physically remove the memory card and the subscriber identity module card, if your device has one.

Digital cameras, media players, and gaming consoles. Perform a standard factory reset (i.e., a hard reset) and physically remove the hard drive or memory card.

Office equipment (e.g., copiers, printers, fax machines, multifunction devices). Remove any memory cards from the equipment. Perform a full manufacture reset to restore the equipment to its factory default.

Overwriting

Another method of sanitization is to delete sensitive information and write new binary data over it. Using random data instead of easily identifiable patterns makes it harder for attackers to discover the original information underneath. Since data stored on a computer is written in binary code—strings of 0s and 1s—one method of overwriting is to zero-fill a hard disk and select programs that use all zeros in the last layer. Users should overwrite the entire hard disk and add multiple layers of new data (three to seven passes of new binary data) to prevent attackers from obtaining the original data.

  • Cipher.exe is a built-in command-line tool in Microsoft Windows operating systems that can be used to encrypt or decrypt data on New Technology File System drives. This tool also securely deletes data by overwriting it.
  • Clearing is a level of media sanitation that does not allow information to be retrieved by data, disk, or file recovery utilities. The National Institute of Standards and Technology (NIST) notes that devices must be resistant to keystroke recovery attempts from standard input devices (e.g., a keyboard or mouse) and from data scavenging tools.

Destroying

Physical destruction of a device is the ultimate way to prevent others from retrieving your information. Specialized services are available that will disintegrate, burn, melt, or pulverize your computer drive and other devices. These sanitization methods are designed to completely destroy the media and are typically carried out at an outsourced metal destruction or licensed incineration facility. If you choose not to use a service, you can destroy your hard drive by driving nails or drilling holes into the device yourself. The remaining physical pieces of the drive must be small enough (at least 1/125 inches) that your information cannot be reconstructed from them. There are also hardware devices available that erase CDs and DVDs by destroying their surface.

  • Magnetic media degaussers. Degaussers expose devices to strong magnetic fields that remove the data that is magnetically stored on traditional magnetic media.
  • Solid-state destruction. The destruction of all data storage chip memory by crushing, shredding, or disintegration is called solid-state destruction. Solid-State Drives should be destroyed with devices that are specifically engineered for this purpose.
  • CD and DVD destruction. Many office and home paper shredders can shred CDs and DVDs (be sure to check that the shredder you are using can shred CDs and DVDs before attempting this method).

For more information, see the NIST Special Publication 800-88 Guidelines for Media Sanitization.

How can you safely dispose of out-of-date electronic devices?

Electronic waste (sometimes called e-waste) is a term used to describe electronics that are nearing the end of their useful life and are discarded, donated, or recycled. Although donating and recycling electronic devices conserves natural resources, you may still choose to dispose of e-waste by contacting your local landfill and requesting a designated e-waste drop off location. Be aware that although there are many options for disposal, it is your responsibility to ensure that the location chosen is reputable and certified. Visit the Environmental Protection Agency’s (EPA) Electronics Donation and Recycling webpage for additional information on donating and recycling electronics. For information on recycling regulations and facilities in your state, visit the EPA Regulations, Initiatives, and Research on Electronics Stewardship webpage.

Security Engineered Machinery Turns Electronic Data Into Dust

October 31, 2018 at 1:24 pm by Heidi White
Leonard Rosen, SEM Founder and Chairman of the Board

As the world becomes more technologically advanced, so has the world of data destruction. Westborough-based Security Engineered Machinery, founded more than 50 years ago, has met that demand with devices that destroy hard drives. Founder Leonard Rosen spoke to WBJ about the company’s role in securing the information of government agencies and government contractors.

How does SEM help keep the country’s data secure?

Every military installation — and company of note — is involved with electronic media. In the past, it was all paper. As time went on and advancements were made in communications and data storage, electronic media became the ultimate in information accumulation.

We have adapted by coming out with machines that can destroy the information on these new devices.

What kind of machines?

Our biggest area of expertise is in hard-drive destruction. That’s done in several ways. One is by deaussing, which is introducing a magnetic charge to a hard drive that basically erases that information.

Are the physical items also destroyed?

We have crushers that exert force into a hard drive and very heavy-duty shredders that accept hard drives and chew them up into tiny pieces.

How much communication is there with customers on new adapting SEM devices to fit their needs?

Depending on what the government agency or defense contractor is doing, we can adapt our machines to meet whatever security requirement they have.

SEM does work with defense contractors?

You’ll be hard pressed to find a major defense contractor in the U.S. that doesn’t use our technology.

Do these products have to meet any government standards?

When we find out what new devices need to be destroyed, we either have something that can destroy it or we start designing one that can do it. Once we have a completed product that we have confidence in, we sent it to National Security Administration for evaluation.

How is it evaluated?

They put it through volume tests, but the end product is more important. The toughest thing we’re doing now is destroying solid state drives. There’s so many layers of information in those, so it’s a two-step situation.

Original post by Worcester Business Journal on wbjournal.com

This interview was conducted and edited for length and clarity by WBJ Staff Writer Zachary Comeau.

Security Engineered Machinery to Rebrand SITES Business Under SEM Brand

October 30, 2018 at 11:04 pm by Heidi White

Growing secure data destruction device manufacturer has said the change will take place on November 1

SEM will continue to provide the same product offerings and superior service that SITES clients have come to expect.

Security Engineered Machinery Co., Inc. (SEM), global leader in high security information end-of-life solutions, announced late Tuesday afternoon that it will no longer market SITES-branded equipment as of November 1. All products previously branded under SITES will continue to be sold globally under the SEM brand.

Andrew Kelleher, SEM President and Chief Executive Officer, says the decision to discontinue the SITES brand came as a result of extensive market research and product review. “The SITES brand was originally started to serve our growing commercial client base, but we found that there was significant overlap with our government and commercial clients,” said Kelleher. “We also found that there was significant product redundancy between the SEM and SITES brands, which the simplification will resolve. We are appreciative of our clients and resellers who have worked with us under the SITES brand and are diligently working through a seamless transition with them.”

In business for over 50 years, SEM sells primarily to United States federal government entities including the military, FBI, CIA, DoD, Department of State, and Department of Treasury. SEM will now also service existing SITES commercial clients including data centers, financial services companies, healthcare organizations, security printers, and cloud solution providers and will directly market to commercial clients under the SEM brand moving forward.

“Eliminating the SITES brand enables us to sharpen our focus on the strong industry reputation and significant global brand awareness of SEM,” added Kelleher.

SEM will continue to support existing SITES products through parts availability and its world-class sales and service teams. The new commercial section of the SEM website can be accessed via the green tab at the top of the page.

Patch Barracks Classified Data Destruction Facility — A Highly Successful Installation

October 12, 2018 at 8:18 pm by Heidi White

SEM recently installed a classified data destruction facility at Patch Barracks in Stuttgart-Vaihingen, Germany under the direction of EUCOM, AFRICOM, and the 405th Army Field Support Brigade. The centralized facility, in support of local operations, is a green operation  providing for zero landfill and recycle of all materials.  The facility includes an SEM Model DS1436 NSA listed dual stage disintegrator with trio briquettor for bulk paper destruction along with multi-media destruction equipment capable of destroying complete Laptops.  Two SEM Model EMP1000-HS NSA listed high security degaussers, two SEM Model 0304 high volume combo HDD/SSD hard drive shredders, two 0202 Optical Medial destroyers, and an existing SEM Model DS1436 disintegrator provide total redundancy of all destruction capabilities. These devices provide a destruction solution for all levels of classified paper, optical media, and hard drives. SEM’s own Todd Busic, Ricardo Leon, and Don Donahue were on site to finalize the installation and provide systems start-up and training to staff. A ribbon cutting ceremony was held Friday October 12th where Garrison Commander Col. Neal A. Corson officially opened the facility for operations. Special thanks to EUCOM, AFRICOM, DPW, and the 405th for working as a trusted partner with SEM to ensure timely and successful completion of this important project.

Ribbon cutting ceremony for the Classified Destruction Facility
The facility has two of each device to ensure complete redundancy of all destruction capabilities. Pictured: two NSA listed degaussers on IT carts next to two combo hard drive shredders
Ready to use the 0304 HDD/SSD combo shredder
The project was completed with support from EUCOM and AFRICOM.
Patch Barracks main gate
Success! The destruction facility is fully operational. Todd Busic is pictured right.
The briquettors provide a zero landfill, green paper destruction solution
The disintegrators are high capacity, capable of destroying entire boxes of paper material at once.
Pictured is one of the SEM Model EMP1000-HS degaussers in front of an SEM Model 0304 combo hard drive shredder.
SEM Engineer Ricardo Leon worked on the master control panel during the installation.
The team even celebrated with a custom made cake.
The facility houses two SEM Model 1436 dual stage disintegrators, one brand new and one 15 years old. SEM machines are built to last!
Patch Barracks employees test out the new EMP1000-HS degausser.

Electromechanical Technician

October 4, 2018 at 6:31 pm by Heidi White

Security Engineered Machinery Co. Inc. (SEM), a growing manufacturing company specializing in information security and destruction equipment and headquartered in Westboro, MA, has an immediate opening for an Electromechanical Technician. SEM has been a critical solution provider of media destruction equipment to the U.S. government organizations including the military, FBI, CIA, DoD, Department of Treasury, and Federal Embassies, as well as large multinational commercial entities for over 50 years. SEM’s solutions include devices that destroy a variety of information storage media from paper and optical to hard disc drives and solid state media.

Responsibilities:

  • Electromechanical assembly and testing of security destruction equipment
  • Service and maintenance of large capital equipment
  • Troubleshooting and repair of customer returned equipment
  • Support of engineering as needed for testing and assembly of product
  • Support of other disciplines as required

Required Qualifications:

  • Strong electromechanical background with good mechanical skills
  • Experience with basic hand and power tools
  • Ability to read mechanical and electrical drawings
  • Ability to follow assembly procedures to produce finished product
  • Minimum of two years of service/ manufacturing experience
  • Ability to problem solve at a technical level
  • Ability to work independently and multi-task with attention to detail
  • Must be available for travel up to 50%
  • Proficient computer skills and strong basic math skills
  • Strong communication and interpersonal skills
  • Current driver’s license and safe drivers record
  • Must be able to pass a background check
  • Must be able to lift 50 lbs.

Preferred Qualifications:

  • Electrical assembly and high voltage wiring experience
  • PLC programming experience
  • Ability to weld and paint

Hours are 8-4:30 M-F. Please send resume, cover letter, and salary requirements to m.divirgilio@semshred.com.

Field Service Technician / Industrial Equipment Installation

September 20, 2018 at 12:24 pm by Heidi White

SEM is seeking a hands-on skilled Field Service Technician based in the Washington D.C./Virginia area. SEM is a leader in providing, installing, and servicing shredders, rotor knife mills and other destruction equipment used for destroying paper and electronic media. Visit SEM website at semshred.com for company product and information.

RESPONSIBILITIES:

  • Install, service, and maintain light and heavy duty destruction equipment
  • Troubleshoot and repair destruction equipment
  • Assemble and erect ductwork and other ancillary items to support industrial equipment
  • Assemble industrial equipment
  • Read mechanical and electrical drawings
  • Communicate verbally and written to customers, all internal levels
  • Write service reports
  • Other duties as assigned
  • 50% travel both domestic and international

PREFERRED QUALIFICATIONS:

  • Strong electromechanical background with good mechanical skills
  • Service experience and or manufacturing experience, minimum of 2 years
  • Responsiveness to customers’ needs and ability to problem solve at a technical level
  • Ability to work independently and multi-task with attention to detail
  • Current driver license and safe driver record
  • Technical education or higher
  • Computer skills and basic math skills
  • Strong communication and interpersonal skills
  • Security clearance and valid passport a plus
  • Must be a US Citizen

BENEFITS:

  • Health and Dental Insurance
  • 401k Match
  • Paid Vacation & Sick Time
  • Incentive Program
  • Company Van

Solid State Devices: Destruction Overkill?

September 19, 2018 at 8:54 pm by Heidi White

data-securityOrganizations frequently use paper shredders and computer media destroyers that are approved for the highest security materials they ever have, using that equipment for all of their materials in a single stream process.  Also common is to get the highest security level device that is available, even it goes well beyond the level of destruction mandated for or customarily used for the materials they actually have.  This could be called a “better safe than sorry” philosophy for media destruction.

For some information destruction equipment, like office paper shredders, choosing the most secure equipment for everything can often work out alright.  This choice will almost always be more costly than selecting the minimum security level device for each type of material for which it will be used.  However, a greater cost is often accepted in return for the confidence of having the greatest possible degree of information destruction.  For paper shredders, the highest security level means the smallest particle size, typically produced by NSA listed models.

SSD-destructionThe situation for solid state media destroyers is very different.  As a rule, dramatically greater hassle and cost will come from choosing the most secure possible device.  Solid state materials include whole solid state drives, flash memory sticks, thumb drives, circuit boards with flash storage, cell phones, and some smart cards. The highest security level for destroying these types of materials is the NSA standard, currently set at a maximum of 4mm squared, with compliant devices typically producing a particle size of 2mm x 2mm.  This particle size is required by the NSA for classified solid state items.

At the time I am writing this, the choices for NSA listed SSD destroyers are minimal.  There is only one office friendly device with extremely limited capabilities.  There are also a couple of large industrial type devices suited for folks with large spaces and large budgets.  With the current set of choices, getting an NSA listed SSD destroyer means enormous costs. Adding to the large initial cost, operational labor (due to very slow throughput), replacement parts, repairs, and preventive maintenance are very high for these machines.

shred ssdThe reality is that many organizations don’t need an NSA level of destruction for all of their solid state materials.  Often the classified items are only a very limited part of the mix.  In these cases, there are a few ways to save a lot of money and hassle.  If none of the solid state items to be destroyed are actually classified, there are machines that are many times faster, much more rugged, and are a small fraction of the cost of the NSA listed machines.  These devices produce high to extreme levels of destruction, well beyond any reasonable likelihood of reconstruction of any data.  If only a portion of the items in the mix is classified material, a major bump in productivity plus significant savings can come from using one of these lower cost devices for the unclassified items.  Even if an NSA listed SSD destroyer is brought in, the load on it can be reduced by using a second machine for the unclassified materials.  This type of dual stream process can save many times the cost of the second machine in terms of reduced purchases of repairs, maintenance, and spare parts.

When it comes to solid state media destruction, for folks whose materials are all or mostly unclassified, going with general purpose SSD destroyers offers these benefits over NSA listed SSD destroyers:

  1. Up to 20 times faster throughput
  2. Minimal service needs, even zero service needs through thousands of cycles
  3. Ability for most models to take whole SSDs with no assembly
  4. Models that run off of regular 120V wall current
  5. Dramatically lower cost for the equipment, ongoing service, and parts

Of course, technologies change over time.  New products will surely come out.  NSA certifications will change.  It is a moving parade over longer time scales.  But, for now, a great strategy for dealing with solid state media destruction that is partly or totally unclassified is to get a good general purpose SSD destroyer that provides a satisfactory level of destruction.

Bob Glicker, Mid-Atlantic Regional Sales Manager, has over 35 total years of sales experience with over 23 years of targeted government sales experience. Bob prides himself on providing the highest level of service to his government clients, and he enjoys working with key resellers. Bob received his BS in Chemistry from the University of Maryland, College Park. In his free time, Bob enjoys a variety of activities including gym workouts, cycling, reading, and listening to podcasts. He is also an avid science lover, an amateur juggler, a vegetarian, and the quintessential family guy.

An IT Destruction Audit Trail – How to Simplify the Process

August 23, 2018 at 2:47 pm by Heidi White

HDD-degaussIf you deal with sensitive drives, the NSA/CSS requirements for destruction of classified and higher drives requires that they first be degaussed by an NSA approved degausser and then physically destroyed. This 2-step process is not complete without the third critical step: documentation/destruction audit trail of everything destroyed. Therefore, you must properly document before you degauss and then destroy.

An important part of any HDD/SSD media destruction program is the accurate creation of a complete end of life audit trail.  Until now it has been up to the operator of the degausser/destruction equipment to fill out the appropriate tracking form by hand, recording the serial numbers of the drives destroyed so there is a record of who, what, where and when they were destroyed.  This is a very time-consuming and tedious process, and one that is prone to unintentional errors in the serial numbers recorded.  The need for accuracy in this documentation is extremely important in the event of an audit or the need to track a specific drive — especially a classified one.

The iWitness is a plug and play documentation tool that is both accurate and time-saving

Whether you have ten drives or 10,000 drives to destroy, an easy way to streamline the process and dramatically increase the speed and accuracy while gathering additional information on the specific drive’s destruction is to automate the process using the SEM iWitness audit-friendly media tracking and end-of-life documenting solution.

The iWitness is a simple plug and play, end-of-life documentation tool for IT destruction. The iWitness consists of a laptop with a 15” screen, a handheld barcode scanner, and pre-loaded iWitness software, and is the only system that is fully SCIF compliant right out of the box.  This SCIF compliant system is completely stand-alone and does not need to connect to a network. The software is installed on a guest account, the Wi-Fi and Bluetooth are disabled, it has no cameras, and writes to a CDR — absolutely no USB is required. The iWitness system is the ideal solution for classified environments and SCIFs.

The iWitness comes complete with a laptop, scanner, and pre-loaded software

The process is simple: just scan an HDD or SSD bar code and the software records the media and documents the erasure status and gauss level, after which the information can be exported to a cross-compatible CSV file and saved to a CDR or, if preferred and not in a SCIF, a USB drive. The iWitness not only keeps an audit trail, it also prompts the operator through every step of the process, so no step is missed. The software records manufacturer, model, serial number, destruction method and device used, operator name, time, and date.  In addition, the iWitness can be easily customized to record additional drive information as required.

This machine is compatible with the SEM EMP-1000HS and EMP-1000 degaussers, as well as the entire line of SEM HDD/SSD crushers, shredders, and disintegrators. It can also be used with non-SEM destruction devices if preferred. When used with an SEM degausser, the iWitness system provides erasure verification by recording the Pass/Fail status and the magnetic field strength communicated directly from the degausser via a barcode displayed on the degausser’s LCD panel, which can be scanned with the iWitness to confirm sanitization.  This is an exclusive compatibility feature of SEM degaussers; however, competitive degaussers can also be used without this feature.

The SEM iWitness offers a full-featured solution to the cumbersome chore of filling out various documentation forms, making your audit trail recording a breeze. The iWitness complies with all major security requirements including NIST SP 800-36/NIST SP 800-88, PCI DSS, HIPAA, FACTA, FISMA, PIPEDA, GLBA, California Senate Bill 1386, and FCC standard. If time savings, increased recording accuracy, operational simplicity, and regulatory compliance are important to your organization, the SEM iWitness would be a great addition to your media destruction program.


Mike Wakefield, Southeast Regional Sales Manager, has over 34 years of sales experience, 25 of which have been with SEM, and he is a Subject Matter Expert in data destruction and government contracting. Throughout his career at SEM, Mike has worked with key clients including the federal government, U.S. military, defense contractor community, and Fortune 500 companies. Mike prides himself on being able to anticipate new markets and emerging technologies while also working with the intelligence community to meet current and future needs, all while protecting the environment.