Wipe and disposal certificates
Mint a wipe certificate to record how a device's storage was sanitised before it left your fleet. Each certificate captures the device, the sanitisation method, the chain of custody, and a SHA-256 integrity hash, then renders a signature-ready PDF — the evidence an auditor asks for under ISO/IEC 27001 Annex A and GDPR Article 32.
Certificates are append-only in spirit: there is no edit. Fix a mistake by archiving the record and minting a new one.
:::note Before you begin
- You have an admin role (
admin,it-admin, orsuper-admin). The feature lives in the admin console under Wipe certificates. - Know how the device was sanitised — the NIST SP 800-88 method, the technique, and the tool or vendor — and who performed and witnessed it.
- To tie the certificate to an asset, the asset must already exist in your hardware register. Loose media (drives, tapes, USB sticks) needs no asset. :::
Mint a certificate
You can start from two places. Both open the same form.
- From an asset. Open the device in Hardware, find the Data sanitisation card in the right column, and select Mint wipe certificate. The device fields are pre-filled.
- From the list. Open Wipe certificates in the sidebar and select + New certificate. Pick the device on the form, or leave it empty for loose media.
Then:
- Under Device being sanitised, choose the Hardware asset, or leave it as None / ad-hoc media for loose drives or tapes. Already-disposed assets are hidden from the list.
- Under Sanitisation, set the Method, Technique, optional Tool or vendor, and Disposition. See the field reference.
- Under Chain of custody, set Performed at and, where relevant, Performed by and Witnessed by. Add Notes an auditor would want.
- Select Mint certificate. To leave without saving, select Cancel — no certificate is created.
When the certificate is tied to an asset, minting it sets that asset's status to Disposed in the same step, so it drops off your active rollups. Mint the certificate only when the device is genuinely leaving the fleet.
On save, the platform issues a sequential certificate number, computes the integrity
hash, redirects you to the certificate, and shows a confirmation such as
Wipe certificate WC-2026-0007 issued.
Field reference
The form has three required fields — Method, Technique, and Performed at — plus a required Disposition that comes pre-filled. Everything else is optional.
Device being sanitised
| Field | Required | Default | Notes |
|---|---|---|---|
| Hardware asset | No | None / ad-hoc media | Pick an asset to copy its tag, serial, manufacturer, and model onto the certificate, and to set its status to Disposed. Leave empty for loose media. |
Sanitisation
| Field | Required | Default | Notes |
|---|---|---|---|
| Method | Yes | Purge | One of Clear, Purge, or Destroy — see Sanitisation methods. |
| Technique | Yes | — | Free text, max 191 characters. The concrete procedure, e.g. DoD 5220.22-M 3-pass, FileVault key destruction, or Shredding <6mm. |
| Tool or vendor | No | — | Free text. The product or service used, e.g. Blancco Drive Eraser 7 or Iron Mountain ShredTech on-site. |
| Disposition | Yes | Recycled (certified e-waste) | Where the device went next — see Disposition options. |
Chain of custody
| Field | Required | Default | Notes |
|---|---|---|---|
| Performed by | No | The signed-in user | The technician who did the work. Lists active users. |
| Witnessed by | No | — | Free text, max 191 characters. Name of a witness, such as a vendor rep or security officer. |
| Performed at | Yes | Now | Date and time the sanitisation happened. |
| Notes | No | — | Free text. Serial-number confirmation, drive counts, pass counts, or chain-of-custody anomalies. |
Sanitisation methods
The Method field follows the three NIST SP 800-88 Rev. 1 sanitisation categories. Pick the one that matches what was actually done.
| Method | Means | Use when |
|---|---|---|
| Clear | Logical sanitisation — overwrite | Media stays in your control and is reused internally. |
| Purge | Beyond laboratory recovery — crypto-erase or degauss | Media leaves your control but is not physically destroyed. |
| Destroy | Rendered unusable — shred or incinerate | Media is physically destroyed. |
Disposition options
Disposition records where the device went after sanitisation.
| Option | Meaning |
|---|---|
| Recycled (certified e-waste) | Sent to a certified e-waste recycler. |
| Donated | Given away. |
| Resold | Sold on. |
| Returned to lessor | Returned at the end of a lease. |
| Internal reuse | Kept and redeployed inside the organisation. |
| Physically destroyed | Destroyed in place. |
Read a certificate
The certificate page is the evidence record. At the top, an Integrity verified or Hash mismatch — row tampered badge shows whether the stored SHA-256 hash still matches the certificate's values. Below it are the device snapshot, the sanitisation details, the chain of custody, and the full hash.
| Element | What it tells you |
|---|---|
| Certificate number | The unique reference, format WC-{year}-{sequence} (e.g. WC-2026-0007). |
| Integrity badge | Green when the recomputed hash matches the stored one; red if the record was altered after issuance. |
| Device at time of sanitisation | The asset tag, serial, manufacturer, and model captured when the certificate was minted. These are a snapshot — they stand even if the asset is later deleted. |
| SHA-256 hash | The integrity value. An auditor can recompute it from the displayed fields. |
The device details on a certificate are a snapshot taken at minting. They don't change if the linked asset is edited later, and they survive the asset being deleted — the certificate notes when the hardware row has been removed.
Download the PDF
To produce a signature-ready document, select Open PDF on the certificate page (or PDF from the list). The A4 PDF opens in a new tab and includes the device identification, the sanitisation method and disposition, the chain of custody, blank technician and witness signature lines, and the SHA-256 integrity hash in the footer.
The PDF is generated on each request, so it always reflects the current record.
Archive a certificate
A certificate has no edit or delete in the usual sense. To remove one minted in error, open it and select Archive certificate in the Actions card, then confirm. Archiving soft-deletes the record: it leaves the list, but its number stays reserved so the sequence never reuses a value, and the audit log keeps the history. To correct a mistake, archive the wrong certificate and mint a fresh one.
Verify
- The new certificate's page shows the Integrity verified badge and the values you entered.
- The certificate appears in Wipe certificates when you search its number, asset tag, or serial.
- If you tied it to an asset, that asset's status reads Disposed, and its Data sanitisation card shows Certificate on file with the certificate number.
Troubleshooting
| Symptom | What to do |
|---|---|
| The asset isn't in the Hardware asset list | Already-disposed assets are hidden. If the device is already disposed, it likely already has a certificate — find it from the asset's Data sanitisation card. |
| Form reloads with an error highlighted | Method, Technique, and Performed at are required. Complete them, then select Mint certificate again. Your other entries are preserved. |
| The asset's status changed to Disposed unexpectedly | Minting a certificate against an asset disposes it by design. To reverse a mistake, archive the certificate and set the asset's status back from its detail page. |
| The certificate shows Hash mismatch — row tampered | The stored record was altered after issuance. Archive it and mint a replacement so the evidence verifies cleanly. |
| You need to change a detail on an issued certificate | There's no edit. Archive the certificate and mint a new one with the corrected values. |