A defensible certificate of destruction lists every device by make, model, and serial number, names the sanitization or destruction method against NIST 800-88, records verification, and identifies the operator and date. That's what turns a vendor's claim into audit evidence.
An aggregate letter — 'one lot of assorted drives, recycled responsibly' — is common in the recycling industry and nearly worthless as compliance evidence. With no serial numbers, it can't be reconciled against your asset inventory, and reconciliation is exactly what assessors and auditors sample.
The self-test takes ten minutes: pick ten retired serial numbers at random from your inventory and trace each one to a certificate line. If any of the ten breaks, your evidence chain has a gap — better you find it than your assessor.
Serialized, method-specific, reconciled certificates are standard on every CyberCrunch engagement.