GOV.UK
WhiteCanyon Software
WipeDrive Data Sanitization Cloud Management
Securely manage IT asset sanitization in compliance with internal data security policies and/or regulatory requirements. WipeDrive Enterprise deploys from the cloud to any global location to securely erase IT assets.
Enjoy the freedom of managing audit reports and data overwrite patterns from a centralized location.
Features
- Data Sanitization for all HDD, SSD & NVMe drives.
- Data Sanitization for removable media USB, SD, etc.
- Wipe data in compliance with GDPR Right To Be Forgotten.
- Datacentre IT asset wiping.
- GDPR audit trail compliance.
- Secure audit reporting.
- Wipe Reports provided to demonstrate compliancy.
- Deployable in standalone, PXE and remote environments.
- Freedom to manage audit reports.
- Hardware details.
Benefits
- Limit liability and exposure from data breaches.
- Secure GDPR audit trail.
- Compliance with internal data security policies.
- Compliance with the GDPR Right To Be Forgotten.
- Proof of IT asset decommissioning.
- Compliance with data sanitization requirements.
- Decreased data breach risk.
- Proof of end of life IT asset decommissioning.
- Hardware audit management.
Pricing
£2.00 per licence
- Education pricing available
Service documents
Framework
G-Cloud 11
Service ID
181514365202965
Contact
Service scope
| Software add-on or extension | Yes, but can also be used as a standalone service |
| What software services is the service an extension to | Secure data sanitization |
| Cloud deployment model | Private cloud |
| Service constraints | None |
| System requirements |
|
User support
| Email or online ticketing support | Email or online ticketing |
| Support response times | 2 Hours. 4 Hours of Off Hours. |
| User can manage status and priority of support tickets | Yes |
| Online ticketing support accessibility | None or don’t know |
| Phone support | Yes |
| Phone support availability | 9 to 5 (UK time), Monday to Friday |
| Web chat support | Web chat |
| Web chat support availability | 9 to 5 (UK time), Monday to Friday |
| Web chat support accessibility standard | None or don’t know |
| How the web chat support is accessible | Accessible on the WhiteCanyon.com website. |
| Web chat accessibility testing | SnapEngage is an approved Assistive Technology Chat Provider. |
| Onsite support | Onsite support |
| Support levels |
Level 1 Enterprise Support - No Additional Cost Level 2 Enterprise Support - No Additional Cost Level 3 Enterprise Support - Depends on License Structure |
| Support available to third parties | Yes |
Onboarding and offboarding
| Getting started | Provide onsite and online training and complete user documentation. |
| Service documentation | Yes |
| Documentation formats | |
| End-of-contract data extraction | Data can be extracted from internal databases directly to the client and all data wiped. |
| End-of-contract process | Customer has access to extract all data. Any data left after contract will be securely wiped. |
Using the service
| Web browser interface | Yes |
| Supported browsers |
|
| Application to install | Yes |
| Compatible operating systems |
|
| Designed for use on mobile devices | Yes |
| Differences between the mobile and desktop service | None |
| Accessibility standards | None or don’t know |
| Description of accessibility | 3rd party global solution meets accessibility requirements. |
| Accessibility testing | Limited. |
| API | Yes |
| What users can and can't do using the API |
Web service interfaces (REST API) for seamless integration with existing AMS/ERP systems Full automation requiring minimum user interaction AD/PSexec integration for user authentication |
| API documentation | Yes |
| API documentation formats | |
| API sandbox or test environment | Yes |
| Customisation available | Yes |
| Description of customisation | Deployment, processes, reporting and overwriting processes can be customized by the vendor. |
Scaling
| Independence of resources | Access is independent of other users or workload volume. |
Analytics
| Service usage metrics | Yes |
| Metrics types | License usage and report storage. |
| Reporting types |
|
Resellers
| Supplier type | Not a reseller |
Staff security
| Staff security clearance | Other security clearance |
| Government security clearance | Up to Developed Vetting (DV) |
Asset protection
| Knowledge of data storage and processing locations | Yes |
| Data storage and processing locations | EU-US Privacy Shield agreement locations |
| User control over data storage and processing locations | Yes |
| Datacentre security standards | Complies with a recognised standard (for example CSA CCM version 3.0) |
| Penetration testing frequency | At least once a year |
| Penetration testing approach | Another external penetration testing organisation |
| Protecting data at rest | Other |
| Other data at rest protection approach | We employ encryption, authentication and other mechanisms to protect data. |
| Data sanitisation process | Yes |
| Data sanitisation type | Explicit overwriting of storage before reallocation |
| Equipment disposal approach | A third-party destruction service |
Data importing and exporting
| Data export approach | DB or Excel. |
| Data export formats | CSV |
| Data import formats | CSV |
Data-in-transit protection
| Data protection between buyer and supplier networks | Other |
| Other protection between networks | Hash encryption, authentication and additional security methods. |
| Data protection within supplier network | Other |
| Other protection within supplier network | We employ multiple methods to protect data on our internal network. |
Availability and resilience
| Guaranteed availability | SLA's provide 24/7 guaranteed availability. Data sanitization tool can be run offline as well. |
| Approach to resilience | We use 3rd party cloud providers to provide resilience. Our service is not mission critical. |
| Outage reporting | Email alerts, public dashboard and an API. |
Identity and authentication
| User authentication needed | Yes |
| User authentication | Username or password |
| Access restrictions in management interfaces and support channels | RBAC - Role based access control |
| Access restriction testing frequency | At least once a year |
| Management access authentication | Username or password |
Audit information for users
| Access to user activity audit information | Users contact the support team to get audit information |
| How long user audit data is stored for | Between 1 month and 6 months |
| Access to supplier activity audit information | Users contact the support team to get audit information |
| How long supplier audit data is stored for | User-defined |
| How long system logs are stored for | User-defined |
Standards and certifications
| ISO/IEC 27001 certification | No |
| ISO 28000:2007 certification | No |
| CSA STAR certification | No |
| PCI certification | No |
| Other security certifications | Yes |
| Any other security certifications | HIPAA Business Associate Certification |
Security governance
| Named board-level person responsible for service security | Yes |
| Security governance certified | Yes |
| Security governance standards | Other |
| Other security governance standards | https://www.whitecanyon.com/privacy-policy |
| Information security policies and processes | https://www.whitecanyon.com/privacy-policy |
Operational security
| Configuration and change management standard | Supplier-defined controls |
| Configuration and change management approach | All changes are recorded and published in reports. Any changes are tracked in coding repositories. All changes are tested in Q&A for security conflicts. |
| Vulnerability management type | Supplier-defined controls |
| Vulnerability management approach | We use independent consultants to ensure that our vulnerability management process is effective. Patches are deployed as soon as they can be created. |
| Protective monitoring type | Undisclosed |
| Protective monitoring approach | We use independent consultants to ensure that our protective monitoring process is effective. Incidents are responded to according to their threat level. |
| Incident management type | Undisclosed |
| Incident management approach | Incidents are managed with a 3rd party bug reporting tool. Support and Development enter issues reported by users. Bugs and patches are tracked through this system. |
Secure development
| Approach to secure software development best practice | Supplier-defined process |
Public sector networks
| Connection to public sector networks | No |
Pricing
| Price | £2.00 per licence |
| Discount for educational organisations | Yes |
| Free trial available | Yes |
| Description of free trial | Full version of WipeDrive Enterprise with full wipe and audit reports. Limited to number of hard drive, SSD or NVMe drive wipes. |
| Link to free trial | https://www.whitecanyon.com/request-a-trial?use=trial-wipedrive-enterprise |