The core problem: factory reset is not a verified outcome
Compliance and audit conversations are outcome-based: “Is the data recoverable?” and “How do you know?” Factory reset is usually effort-based: someone clicked a button and the device rebooted.
Without verification and records, a factory reset does not produce a defensible story when leadership asks questions—especially after a lost device, a staff change, or a security incident.
Why behavior varies across devices
Factory reset can mean different things depending on the platform and configuration:
- Whether encryption was enabled and whether keys are actually removed
- Whether the reset wipes user partitions, system partitions, or only reinitializes OS state
- Whether storage is SSD vs HDD and what the firmware does
- Whether the device is managed (MDM) and what policies were enforced
This is why disposal programs typically standardize on a method family (wiping or destruction) rather than relying on end-user reset flows.
Why “we did a reset” doesn’t satisfy chain of custody
Even if a reset happened, you still need to reconcile what left the building and what was processed. Chain of custody and check-in records reduce the “lost in a closet / lost in transit” gap that creates real risk.
Read chain of custody importance for the operational view.
NIST SP 800-88 framing (a better default)
Most serious programs use NIST SP 800-88 as the sanitization language because it is about outcomes (Clear / Purge / Destroy) and it encourages verification and documentation.
Wiping vs shredding (choose by policy)
Some policies allow verified wiping for reuse. Others require physical destruction. The difference matters, and it should be decided by policy and risk, not convenience.
See wiping vs shredding.
Related service page
For how we run secure media handling on real pickups, see hard drive destruction & wiping.