← All documents
Public Privacy Updated July 11, 2026

Secure Deletion

Our NIST 800-88–aligned data destruction process, with certification provided to agencies.

Impact Suite’s data-destruction practices align with NIST SP 800-88 Rev. 1 (Guidelines for Media Sanitization) to ensure educational-agency data is rendered inaccessible and permanently deleted when no longer needed. The process spans production databases, file storage, and backups, with verification at each step.

Standards

  • NIST SP 800-88 Rev. 1 — media-sanitization guidelines.
  • HIPAA Security Rule (45 CFR § 164.310(d)(2)(i)) — secure disposal of electronic PHI.
  • FERPA (34 CFR § 99.33(a)) — proper destruction of education records.
  • AWS — NIST 800-88-certified physical media destruction for decommissioned hardware.

Three-phase process

  1. Immediate isolation (Day 0) — accounts deprovisioned, credentials/tokens/API access revoked, and records marked deleted so they are excluded from all application operations, interfaces, and reports.
  2. Physical deletion (within 30 days) — all records for the agency permanently removed from production databases and file storage (Amazon S3), with automated and manual verification.
  3. Backup expiry (within 60 days) — deletion markers prevent access even if a backup were restored; backups containing the data age out under the 30-day backup-retention policy, so no backups containing the agency’s data remain within 60 days.

Expedited destruction (production/file deletion within 10 business days) is available on request.

Verification & certification

We run COUNT queries confirming zero remaining records, verify S3 objects are removed, and test that the data is inaccessible through the application and APIs. All verification is documented and reviewed by the Compliance Officer, who authorizes a Certificate of Data Destruction for the educational agency.

What’s retained

Only destruction metadata (what was deleted, when, how, by whom) and HIPAA-required audit logs are retained (six years) for compliance verification — never the underlying student data itself. Legal holds (litigation, regulatory investigation, law-enforcement preservation) can pause destruction, in which case the agency is notified.