THE CRUNCH · EPISODE 05 · 0:31 · EVIDENCE

The Certificate Test

THE CRUNCH · EP 05
TAP TO PAUSE
PAUSED — TAP TO RESUME
Tap ♫ for music
Or keep scrolling — the full text is below
0:31 runtimeFully captioned · music optionalDrag the top bar to seekEpisode 5 of 25

Prefer to read it?

A defensible certificate of destruction lists every device by make, model, and serial number, names the sanitization or destruction method against NIST 800-88, records verification, and identifies the operator and date. That's what turns a vendor's claim into audit evidence.

An aggregate letter — 'one lot of assorted drives, recycled responsibly' — is common in the recycling industry and nearly worthless as compliance evidence. With no serial numbers, it can't be reconciled against your asset inventory, and reconciliation is exactly what assessors and auditors sample.

The self-test takes ten minutes: pick ten retired serial numbers at random from your inventory and trace each one to a certificate line. If any of the ten breaks, your evidence chain has a gap — better you find it than your assessor.

CYBERCRUNCH · NAID AAA · R2v3 · RIOS · PA DEP

Would your certificates survive the 10-serial test?

Serialized, method-specific, reconciled certificates are standard on every CyberCrunch engagement.