Clear vs Purge vs Destroy
NIST SP 800-88 defines three levels of media sanitization — Clear, Purge, and Destroy — each providing a progressively higher level of assurance that data cannot be recovered. Choosing the right level depends on the sensitivity of the data, the type of storage media, and where the media is going after sanitization.
The Three Sanitization Levels
Clear
Clear applies logical techniques to sanitize data in all user-addressable storage locations. It protects against simple, non-invasive data recovery attempts — the kind that could be performed with commonly available software tools.
Methods
- Single-pass overwrite with fixed data pattern
- Using firmware-based erase commands (basic level)
- Factory reset with verified overwrite
Limitations
- Does not sanitize areas not accessible through standard interfaces (e.g., HPA, DCO on HDDs)
- May not reach all cells on SSDs due to wear leveling and over-provisioning
- Not sufficient for highly sensitive or classified data
When to use: Media is staying within the organization or being transferred to a trusted party at the same security level. Data sensitivity is low to moderate.
Purge
Purge applies physical or logical techniques that render data recovery infeasible using state-of-the-art laboratory techniques. This is a significant step up from Clear and is appropriate when media is leaving organizational control.
Methods
- Degaussing — Applying a strong magnetic field to erase magnetic media (HDDs, tapes)
- Cryptographic erase — Erasing the encryption key on self-encrypting drives (SEDs), rendering all data unreadable
- Block erase / Secure Erase — Using the drive's built-in sanitize command (for SSDs)
- Overwrite — Multiple passes with verified completion (for HDDs)
Key Advantage
Purge sanitizes the entire media, including areas not reachable by standard overwrite (remapped sectors, over-provisioned areas on SSDs). The media can be reused after successful Purge.
When to use: Media is leaving organizational control (sold, donated, returned to a leasing company). Data is moderately to highly sensitive. You want to reuse the media.
Destroy
Destroy renders the media physically unusable. No data recovery is possible because the media itself no longer exists in a functional form. This is the only option that provides absolute certainty.
Methods
- Shredding — Industrial shredders reduce media to small fragments (typically 2 mm for classified data)
- Disintegration — Reduces media to fine particles
- Incineration — Burning media at high temperatures in a licensed facility
- Melting — Melting metal components at a smelting facility
- Pulverization — Crushing media beyond reconstruction
Key Consideration
The media cannot be reused after destruction. This represents a total loss of hardware value but provides the highest level of data security assurance.
When to use: Highly classified or regulated data. End-of-life disposal. When media failure prevents successful Clear or Purge. When absolute certainty is required.
How to Choose the Right Level
NIST 800-88 provides a decision framework based on two factors: data confidentiality and media destination.
| Scenario | Recommended Minimum Level |
|---|---|
| Reassigning a laptop to another employee within the same organization | Clear |
| Returning leased servers to the vendor | Purge |
| Donating old workstations to a school | Purge |
| Disposing of drives that held PHI or cardholder data | Purge or Destroy |
| Decommissioning drives that held classified government data | Destroy |
| Drive has failed and cannot be reliably overwritten | Destroy |
Media-Specific Guidance
| Media Type | Clear | Purge | Destroy |
|---|---|---|---|
| HDD | Single-pass overwrite | Degauss or Secure Erase | Shred or disintegrate |
| SSD / NVMe | Overwrite (limited effectiveness) | Cryptographic erase or block erase | Shred or disintegrate |
| USB / SD | Overwrite (limited) | Not always available | Shred |
| Magnetic Tape | Overwrite | Degauss | Incinerate or shred |
| Optical | N/A | N/A | Shred or incinerate |
Note: For SSDs and flash storage, Clear-level overwrite may not reach all storage cells due to wear leveling and over-provisioning. Purge or Destroy is recommended for sensitive data on flash media.
Verification and Documentation
NIST 800-88 recommends verifying that sanitization was successful, especially for Purge and Destroy operations. Verification methods include:
- Full disk verification: Attempting to read all sectors after overwrite to confirm data replacement
- Sample verification: Checking a representative sample of sanitized media
- Visual verification: For physical destruction, confirming that media is fully destroyed
- Tool reporting: Using sanitization software that produces verification reports
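The sketch below is an added example, not code from this page or from NIST. It implements full and sample verification of an overwrite as one read-back check and shows that a sample can miss a region the overwrite did not reach. The 4096-byte block size, the function names, and the temporary image files standing in for a drive are assumptions made for the illustration.

```python
import os, random, tempfile

BLOCK = 4096  # assumed read size; not a value taken from NIST SP 800-88

def _check(f, index, expected):
    """True if block `index` holds only the expected overwrite pattern."""
    f.seek(index * BLOCK)
    chunk = f.read(BLOCK)
    return chunk == expected[:len(chunk)]  # last block may be short

def verify(path, pattern=b"\x00", fraction=1.0, seed=None):
    """Return byte offsets of checked blocks that still differ from `pattern`.
    fraction=1.0 is full verification; lower values check a random sample."""
    if BLOCK % len(pattern):
        raise ValueError("pattern length must divide the block size")
    expected = pattern * (BLOCK // len(pattern))
    with open(path, "rb") as f:
        size = f.seek(0, os.SEEK_END)      # also works on block devices
        nblocks = -(-size // BLOCK)        # ceiling division
        count = min(nblocks, max(1, round(nblocks * fraction))) if nblocks else 0
        picks = sorted(random.Random(seed).sample(range(nblocks), count))
        return [i * BLOCK for i in picks if not _check(f, i, expected)]

def make_image(nblocks, residue_block=None):
    """Constructed sample input: a zero-filled image, optionally with one
    block of leftover data standing in for a region the overwrite missed."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\x00" * BLOCK * nblocks)
        if residue_block is not None:
            f.seek(residue_block * BLOCK + 100)
            f.write(b"constructed leftover record")
    return path

if __name__ == "__main__":
    clean, dirty = make_image(64), make_image(64, residue_block=37)
    try:
        print("clean image, full check :", verify(clean))
        print("dirty image, full check :", verify(dirty))
        print("dirty image, 10% sample :", verify(dirty, fraction=0.10, seed=1))
    finally:
        os.remove(clean)
        os.remove(dirty)
```

A read-back through the standard interface only covers user-addressable locations, so it confirms a Clear-level overwrite and says nothing about hidden or over-provisioned areas.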
After verification, generate a certificate of destruction recording all details of the sanitization event for your compliance records.