NanoSoftNanoSoft
Free tool, no email required

Clear, Purge or Destroy? Get the right NIST 800-88 method.

Tell it about the device and the data, including whether it still works and whether it was encrypted. You get the correct NIST SP 800-88 Rev.2 method, the exact technique, the traps that catch people out, and the standards it satisfies.

Find your method

Updates live as you choose. Based on NIST SP 800-88 Rev.2 (2025) and IEEE 2883-2022. Your answers stay in your browser.

Recommended NIST 800-88 method
PURGE

Applies stronger logical or physical techniques so data cannot be recovered even with laboratory tools. The preferred method where feasible.

Clear
Purge
Destroy

Why this method

The data is moderately sensitive and the device leaves your control for reuse or resale. On NIST 800-88's risk-based logic, that combination calls for this method as the safe default.

How to do it for this media

Overwrite with verification, the drive's firmware Secure Erase command, or degauss with an approved degausser (degaussing leaves the drive unusable).

Traps to avoid

Deleting files or quick-formatting leaves the data fully recoverable. One overwrite pass is fine for Clear but not for high-sensitivity Purge.

Outcome and compliance

Device reusable after?
Yes. Once sanitised and validated, it can be reused, redeployed or resold.
Standards this supports
UK GDPR (Art 5(1)(f), Art 32), DPA 2018, ISO/IEC 27001:2022 (A.7.14, A.8.10) and ADISA, aligned to NIST 800-88 Rev.2 and IEEE 2883-2022.

Then prove it (Rev.2)

Verify, then validate. Confirm the process ran, then validate that no data is recoverable, and keep a certificate of sanitisation. NIST SP 800-88 Rev.2 defers the exact technique to IEEE 2883-2022. A factory reset or file deletion alone meets none of the three methods.

Want it done and certified?

Nanosoft performs NIST 800-88 Rev.2 sanitisation across every media type, with per-device verification, validation and a certificate of destruction in a single audit pack. DBS-vetted in-house engineers, onsite or at our facility.

Talk to our teamHow destruction worksFree ITAD templates

NIST 800-88 questions people actually ask

What are Clear, Purge and Destroy in NIST 800-88?+

Clear uses standard read and write commands to remove user-addressable data and protects against simple recovery. Purge uses stronger techniques such as cryptographic erase or block erase to protect against laboratory recovery. Destroy physically shreds, disintegrates or pulverises the media so it cannot be reused or recovered.

Does overwriting an SSD securely erase it?+

No. SSD and NVMe controllers spread data across wear-levelled and over-provisioned cells that standard overwrite commands cannot reach. Under IEEE 2883-2022, solid-state Purge requires verified cryptographic erase or the drive’s sanitize command, or physical destruction.

Can you cryptographically erase a device that was never encrypted?+

No. Cryptographic erase works by deleting the encryption key, so it only protects data if the device was encrypted from first use. An unencrypted device must be purged with the drive’s sanitize command or physically destroyed.

What do you do with a hard drive that has failed?+

If a drive will not power on or respond, you cannot Clear or Purge it through its interface, so physical destruction is the only reliable option under NIST 800-88, regardless of the data sensitivity.

What changed in NIST 800-88 Rev.2?+

Rev.2, published in September 2025, shifts from device-specific technique tables to a risk-based programme, defers technique detail to IEEE 2883-2022, and formally separates verification (the process ran) from validation (no data is recoverable), both documented with a certificate.

Note: Guidance is based on NIST SP 800-88 Rev.2, Guidelines for Media Sanitization (NIST, September 2025) and IEEE 2883-2022. NIST Rev.2 is risk-based and defers specific techniques to IEEE 2883 or NSA specifications; method selection here is a simplified aid using data sensitivity, destination, device condition and media type. Standards mapping indicates where a properly performed, validated and certified method supports common obligations; it is general guidance, not legal advice or a substitute for your own sanitisation programme. Always verify the process, validate that no data is recoverable, and retain a certificate.