The European Commission, Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs has issued COMMISSION REGULATION (EU) 2019/424 on 15 March 2019 laying down eco-design requirements for servers and data storage products pursuant to Directive 2009/125/EC of the European Parliament and of the Council and amending Commission Regulation (EU) No 617/2013.
While the focus is energy-related requirements, embedded in this regulation is a requirement for servers and storage systems having 4-400 drives (systems with less or more are exempted) to have an ability to perform secure data deletions; this functionality is required from 1 March 2020.
“Secure data deletion” means the effective erasure of all traces of existing data from a data storage device, overwriting the data completely in such a way that access to the original data, or parts of them, becomes infeasible for a given level of effort.
SNIA’s Green Technical Working Group is preparing a guidance document associated with this regulation and are working through a variety of issues. The SNIA Security Technical Work Group (TWG) has already prepared a white paper on Data/Media Sanitization and how it related to ISO/IEC 27040 (Storage security). With this new regulation and the anticipated update of ISO/IEC 27040, the Security TWG will be developing further materials in this area.
Click here for more information or to participate in SNIA’s Storage Security Technical Work Group, or contact SNIA’s Technical Council Managing Director at tcmd@snia.org.