FOI release

FOI202600005S Software Based Data Destruction Assurance

Published 5 March 2026

© Crown copyright 2026

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/foi-release-software-based-data-destruction-assurance/foi202600005s-software-based-data-destruction-assurance

FREEDOM OF INFORMATION ACT 2000 - REQUEST REF: FOI2026_00005S 

Thank you for your email of 12 February 2026 asking for information under the Freedom of Information Act (FOIA) 2000. You asked: 

“please provide the following recorded information held by your department regarding assurance processes for software based data erasure of end of life IT equipment. 

For clarity, this request relates solely to software based data destruction. Please exclude physical destruction methods such as shredding, crushing, degaussing or disintegration. 

  1. Please confirm whether departmental policy, contractual terms or internal procedures require an explicit outcome based warranty or guarantee confirming that personal data has been rendered irretrievable through software based erasure, whether carried out internally or by an external provider. 

  2. Where software based data destruction is performed internally, what recorded evidential assurance does the department rely upon to conclude that the final data state is irretrievable? 

  3. Where software based data destruction is performed by a third party provider, does the department hold recorded information demonstrating that any warranty or assurance provided explicitly extends to the software erasure method used and its claimed effectiveness? If so, please confirm the recorded nature of that verification. 

  4. Where no explicit outcome based warranty is required or provided, what recorded form of evidential assurance does the department rely upon to conclude that software based erasure has rendered personal data irretrievable? 

I am not requesting technical configuration detail, security sensitive information or supplier specific vulnerabilities. I am seeking confirmation of the assurance model relied upon for software based data destruction.” 

I am writing to confirm that we have now completed the search for the information which you requested.   

I can confirm that FCDO Services does hold information relevant to your request, as set out below. 

  1. For customers and suppliers, FCDO Services relies on contractual clauses / agreed processing arrangements for data retention / erasure. Separate internal data destruction procedures exist for FCDO Services data in line with our Retention Schedule.  

  2. We rely upon completion of an internal data destruction certificate – the process is overseen by our internal Information Assurance community. 

  3. We rely upon completion of an FCDO Services supplier data destruction certificate – the process is overseen by our internal Procurement and Knowledge and Information Management teams 

  4. N/A  

Once an FOI request is answered, it is considered to be in the public domain.  To promote transparency, FCDO Services may now publish the response and any material released on GOV.UK in the FOI releases section.  All personal information in the letter will be removed before publishing.  

Where copies of information have been supplied to you they will continue to be protected by the Copyright, Designs and Patents Act 1988.  You are free to use it for your own purposes, including any non-commercial research you are doing and for the purposes of news reporting.  Any other re-use, for example commercial publication, would require the permission of the copyright holder.  Most documents supplied by the FCDO will have been produced by government officials and will be protected by Crown Copyright.  To re-use Crown Copyright documents please consult the Open Government Licence v3 on the National Archives website. 

Information you receive which is not subject to Crown Copyright continues to be protected by the copyright of the person, or organisation, from which the information originated. You must ensure that you gain their permission before reproducing any third party (non-Crown Copyright) information. 

If you would like to request a review of our decision, you should write to the Data Protection Officer (DPO), Knowledge and Information Management (KIM) Team, FCDO Services, Hanslope Park, Milton Keynes, England, MK19 7BH (e-mail: FCDOServices.DataProtectionOfficer@fcdo.gov.uk).  Please note you have 40 working days to do so from the date of this letter. Please quote the reference number above in any future communications. 

If you are not content with the outcome of your complaint, you may then apply directly to the Information Commissioner for a decision.  Generally, the Information Commissioner cannot make a decision unless you have exhausted the complaints procedure provided by the FCDO. The Information Commissioner can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or online at: https://ico.org.uk/make-a-complaint/  

Yours sincerely, 

FOI Officer 

Knowledge and Information Management (KIM) Team 

FCDO Services

Back to top