CHAT WITH US
Need help?
Find all the answers to your questions by messaging one of our support agents.

Secure Data Deletion

Seagate provides various secure data deletion tools that work on all products. These tools use industry-standard interface commands to effectively erase all traces of existing data from a data storage device, deleting the data completely to prevent access to the original data. Erase command availability depends on factors such as, Firmware support, operating system permissions, and drive communication through server systems.

For Information about Secure Data Deletion Commands for HDD and SSD, click here.

For Information about Secure Data Deletion Steps for a RAID System, click here.


Software Tools for Secure Data Deletion

  HDD and SSD SeaTools GUI software

  SeaChest Utilities

Secure Data Deletion Commands for HDD and SSD

The Secure Data Deletion Command Matrix shows all Seagate Secure Data Deletion Commands.

Interfaces Security Erase Format Unit Simple Overwrite Sanitize
Sanitize Overwrite Sanitze Block Erase Sanitize Crypto Erase
Revert & RevertSP (PSID) Write Same
SATA                
SATA SED SED & FIPS                
SAS                
SAS SED SED & FIPS                
NVMe                
NVME SED & FIPS                

Legend

 
 Overwrite Commands (Comply with Lot 9):
 Take 1 hour per Terabyte (USBs up to 5 hours per TB) to complete. Overwrite commands go from end to end of the device, overwriting existing data with zeroes.
 They provide thorough validation of data erase.
 Overwrite commands allow reallocation of defective sectors.
 Note: Simple Overwrite does not erase data in blocks that were deallocated. Accessing data in deallocated sectors would reasonably be infeasible for a given level of effort.
 
 Fast Erase Commands (Comply with ISO 27040 and NIST 800-88):
 Take 2 to 30 seconds.
 Revert (PSID) command performs a Crypto Erase. All data is sanitized and the security subsystem returns to Factory default.
 Revert, RevertSP (PSID), Sanitize Crypto, and the Security Erase (for SATA SED), destroys the AES 256 data encryption key by overwriting it with a new value and sanitze all data written by the previous key to a cryptographic certainty per FIPS 140 and Common Criteria standards.
 

 The ATA Security Erase Unit on Self Encrypting Drives (SED) has an option for Crypto Erase Only OR Crypto Erase + Overwrite. Customers must be clear which commands they are using on encrypting SATA drives. This is a Fast Erase command.

 

 Commands that cannot be easily aborted before completion.

Deletion Command Notes

  • The Secure Data Deletion process must be allowed to complete to be effective and to avoid inadvertent data or drive issues.
  • All commands comply with ISO 27040 and NIST 800-88 Standards.
  • Not all commands provide data overwriting.
  • Overwrite commands comply with the Lot 9 data deletion regulation providing "the effective erasure of all traces of existing data from a data storage device, overwriting the data completely in such a way that access to the original data, or parts of them, becomes infeasible for a given level of effort." Command duration:
    • Overwrite commands take longer to implement.
    • Sanitize Cypto, Revert, and RevertSP (PSID) take at most 2 minutes. All other erase commands take 1TB/hr.
    • NVMe SSDs take 1 hour per terabyte per pass. Number of passes is drive selectable. The NVMe specified default is 16 passes.
  • Seagate is not responsible for lost user data or data remaining on the drive after erase. If you are not the original owner of this drive, and that owner has no claim to it, you might still be responsible for the drive data.
Secure Data Deletion for a RAID System (RBOD)

To perform secure erase for a RAID system, follow the instructions below

  1. Log into the RAID system CLI.
  2. Run clear events
  3. Run restore defaults factory
    These commands remove all configuration and returns the drive to factory default. This is not recoverable.
  4. Take the RAID controllers out of the system.
  5. Install an IOM (IO module, a JBOD controller) into the system making it a JBOD.
  6. Connect the system and run SeaChest Utilities commands through the SAS port on the JBOD.