Server destruction at end-of-life: cost, process and proof of data destruction
Server destruction at the end of a server's life is the only way to be sure your business data is really gone. Wiping a server feels final, but every server holds hard drives or SSDs on which data remains. With end-of-life server destruction those carriers are physically ground into particles, so recovery is impossible. This article explains what it costs, how the collection service works, which DIN level you need and what data destruction certificate you end up holding.
Old servers, racks and network gear pile up in almost every server room. Decommissioned units often sit in a corner for years because nobody knows quite how to dispose of them safely. That is a risk, because those servers hold customer data, personnel files, backups, passwords and business secrets. As long as the drives exist, the data exists. Having servers destroyed removes that risk in one go. Below we explain what server destruction actually involves, why it is more reliable than wiping, what it costs and how to prove it was done properly. We write this from the practice of a certified collection service that comes to your location.
What does server destruction mean?
Server destruction means the carriers inside the server, and if needed the whole unit, are fed through an industrial shredder that reduces the metal and the memory chips to small particles. What remains is a pile of metal fragments in which no sector or chip is intact. This is physical data destruction, as opposed to logical destruction such as wiping or overwriting. With real server destruction nobody can read the data any more, not even with advanced forensic equipment. The term data destruction is often used as an umbrella for all methods. Shredding is the most definitive form. Where wiping depends on software that has to execute everything correctly, a shredded drive is simply no longer a drive. End-of-life server destruction is therefore not about tidying up, but about irreversibly removing the last copy of your data.
Why wiping a server is not enough
Formatting a server or clearing its drives feels final, but it is not. With an ordinary deletion only the reference to the file is removed, while the data itself stays on the drive until it is overwritten. With free recovery tools that data is often back within minutes. An extra complication with servers is that they hold several carriers, often in a RAID configuration. A RAID set spreads data across multiple drives, so an incomplete wipe quickly leaves remnants on a drive you overlooked. Professional overwriting to a standard can work for ordinary hard drives, but it is error-prone. A drive with bad sectors, a drive that no longer boots or an SSD with smart memory management can never be wiped with certainty. That is why physical shredding is the safest choice. We discuss the difference between wiping and destroying at carrier level in more detail in our article on having a hard drive shredded.
Pull the drives or destroy the whole unit?
With server destruction there are two approaches. You can have the drives removed from the server and only those destroyed, or have the whole unit go through the shredder. Which choice fits depends on your situation.
- Destroy only the carriers. The hard drives and SSDs are taken out of the chassis, registered by serial number and ground up. The empty chassis can go back to the supplier or to recycling. This is the usual choice for a lease return, because the hardware itself has to go back.
- Destroy the whole server. The complete unit goes through a heavy shredder. You choose this when the hardware is being scrapped anyway and you want to be sure no forgotten memory module or cache card is left.
The sensitive data is almost always on the hard drives and SSDs, but also think of motherboard NVRAM, RAID controllers with cache and removable flash modules. If in doubt, choose to destroy the whole unit or have the cache modules taken along separately. We describe the technical background of server and rack destruction in detail in servers and racks at end-of-life.
Which DIN level do you need for servers?
Like paper, data destruction has standardised levels. The DIN 66399 standard describes the so-called H-classes for data carriers, where H stands for hard drives. The higher the number, the smaller the particles and the higher the certainty.
| Level | Maximum particle size | Suitable for |
|---|---|---|
| H-3 | Coarser particles | Ordinary business data, low risk |
| H-4 | Small particles | Personal data, the workable minimum |
| H-5 | Very small particles | SSDs, social security numbers, medical and special data |
For most businesses H-4 is the right level for classic server hard drives. If you work with special personal data or the servers contain SSDs, choose H-5. The memory chips of an SSD are small, so they have to be ground more finely to make every fragment unreadable. Many modern servers run entirely on SSD or NVMe, which makes H-5 the starting point more and more often in practice. More on the levels and what they mean is in DIN 66399 explained.
What determines the cost of server destruction?
The question asked most is what server destruction costs. The honest answer is that the price depends on a few factors. Once you know them, you can compare quotes properly and know in advance where you stand.
- The number of servers and drives. You pay per item. A server often holds several carriers, so the number of drives counts more than the number of cases. The price per item falls at larger numbers.
- Whole unit or only carriers. Grinding a complete server requires a heavier machine than destroying loose drives. Destroying only the carriers is usually cheaper.
- The level. H-5 requires finer grinding than H-4, which can be slightly more expensive.
- The distance. Within 20 km of Amsterdam we charge no call-out fees.
- Combination with paper, racks or other carriers. Everything in one collection saves the call-out and the admin.
What matters is that an honest provider charges per item by serial number and gives a fixed price in advance. That way you know exactly what you pay before anything happens. The general make-up of data destruction costs resembles that of paper, which we explain in archive destruction cost.
A price indication with worked examples
To give a sense of it, here are three typical situations. The exact price depends on your number, the level and whether whole units or only carriers come along, so always request a quote for a fixed price.
| Situation | Scale | What plays a part |
|---|---|---|
| Small office or sole trader | 1 to 2 servers with a few drives | Small order, possibly collected with paper or laptops |
| SME server room | 5 to 15 servers, several drives per unit | Lower price per item, one collection moment, inventory list helps |
| Lease return or data center shutdown | Several racks, dozens to hundreds of drives | Sharpest price per item, planning on site, possibly several trips |
If you have only one or two servers, it is often economical to have them taken along during a paper collection or together with other data carriers and laptops. That way you pay for the call-out only once. At larger numbers the price per carrier falls, because the collection and the admin spread across more items. For a complete data center disposal with several racks we plan the logistics in advance, so the removal and the haul-away run as one smooth process.
Server, rack or whole data center: what is covered?
Server destruction is a broad term. In practice we encounter the following forms, from small to large.
- Loose servers. One or a few towers or rack servers from a small server room.
- Complete racks. A filled rack with servers, storage, switches and patch panels.
- Data center setups. Several racks during a move, consolidation or shutdown, also called data center equipment shredding.
- Storage arrays and SANs. Separate storage cabinets with large numbers of drives, often the most data-intensive part.
The same principle applies to every form. We register each carrier by serial number and destroy it to the agreed level, whether it is a single server or a complete data center disposal. The bigger the setup, the more important a clean inventory in advance, so that no carrier is unexplained afterwards.
Network gear: switches, routers and firewalls
With network equipment destruction people do not always think of data, yet it belongs there. Switches, routers and firewalls hold configurations, VPN keys, certificates and sometimes log files in flash memory. A discarded firewall with the full network configuration on it is a gift to anyone with bad intentions. That is why we take network gear along in the same collection and destroy the memory modules to the right level. Patch panels, KVM switches and management cards can hold sensitive information too. When you inventory, make no distinction between servers and network gear. Everything that can hold configuration or data belongs in the same closed chain. That stops a situation where the servers are neatly destroyed while the firewall with all the access rules ends up with a reseller.
How the collection service works
Having servers destroyed need not be a hassle. The collection service works in a few clear steps.
- You request a quote with the number of servers, drives and network devices and the level you want.
- We schedule the collection at your location, at a time that suits you.
- The carriers and units go in a sealed bin, under a registered handover.
- The drives or whole servers are shredded to the agreed DIN level.
- You receive a certificate with the serial numbers of all destroyed carriers and units.
The whole chain is closed, from your server room to the shredder. You do not have to dismantle or transport the equipment yourself. If you want the drives already out of the servers, that is fine, but we can also handle the removal for you during the collection.
The chain of custody from door to shredder
Server destruction is all about the so-called chain of custody, the closed chain in which every carrier stays traceable. From the moment the equipment leaves your location until the moment of destruction there is a watertight record. The units go in a sealed bin or cart, the handover is logged and at the shredder every carrier is checked off by serial number. That way nothing can disappear along the way without it being noticed. This closed chain is exactly the difference between handing equipment to a random collector and professional data destruction. How that chain works in practice is in our explainer on data destruction. For an organisation that must be able to demonstrate what happened to the data, that traceability is the heart of the matter.
Billing per item by serial number
An honest provider does not bill by the kilo or by the hour, but per item by serial number. That has two advantages. You know in advance exactly what you pay, because the number of carriers is fixed. And you get conclusive proof, because every serial number in the quote comes back on the certificate. With servers that is extra important, because there are several drives per unit. A price per server without a count of the drives says little. So always ask for a price per carrier and per unit, with serial numbers. That avoids surprises afterwards and keeps you in control of exactly what was taken and destroyed. A fixed price in advance is also convenient for your own budgeting at a lease return or a data center project.
The data destruction certificate
The proof that everything went well is the data destruction certificate. It states the date, the DIN level applied and the serial number of every destroyed carrier and unit. That serial number is the difference with a paper certificate, because it ties the proof to your specific servers. So in an audit or an inspection you can show that exactly that drive or that server was destroyed. Keep the certificate with your GDPR records, so you can show it when needed. On a lease return you can also present the certificate to the leasing company as proof that the data on the returned hardware was destroyed. What belongs on such a certificate is in data destruction certificate explained.
Demonstrable destruction for the GDPR
The GDPR asks not only that you destroy personal data, but also that you can demonstrate it. A decommissioned server standing in a corner is not destruction, even if nobody uses it any more. Only once the carriers are irreversibly destroyed and you have a certificate for it do you meet the requirement of demonstrability. For businesses that handle customer or patient data this is no formality but a legal duty. Servers often hold the central databases of an organisation, so the risk is greatest exactly there. A shredded server drive with a certificate is the conclusive proof that you take your duty of care seriously. If a data breach involving old hardware ever comes to light, the certificate shows that those particular drives had long since ceased to exist.
Server destruction in Amsterdam and surroundings
We collect servers and data carriers within a 20 km radius of Amsterdam, with no call-out fees. Whether you are in Amsterdam-Noord, Amstelveen, Zaandam, Diemen or Haarlem, we come to you. Short lines mean fast planning, even if your server room has to be empty by a tight date. You do not have to drop off the servers yourself or put them on transport, which is unwise with sensitive data on them anyway. The equipment stays under sealed handover until it is destroyed. For anyone outside the immediate region, collection is possible nationwide via pooled routes. Give your postcode with the request, and you will know straight away whether you fall within the service area with no call-out fees.
Common situations
Server destruction comes up at various moments. The most common situations are these.
- End of a lease. Before hardware goes back, the drives must come out and be destroyed.
- Migration to the cloud. Moving to the cloud leaves whole server rooms of old equipment behind.
- Hardware replacement. In a refresh of the server estate, decommissioned units are left over.
- Data center shutdown or consolidation. In a move or merger, whole racks come free.
- Faulty servers. A server that no longer boots cannot be wiped, but it can be destroyed.
- End of retention period. Data you no longer need to keep should be destroyed.
In all these cases the same principle applies. As long as the drives exist, the data is a risk. So have the equipment gathered and collected and destroyed safely in one go.
Lease return: mind the drives
With end-of-life IT that comes out of a lease, things often go wrong at one point. The hardware has to go back to the leasing company, so the temptation is to ship the servers complete. But then your data leaves the building, without you knowing where the drives end up. The right approach is to have the carriers removed and destroyed separately before the chassis goes back. You then keep a certificate with serial numbers and return only the empty hardware. Arrange this with your leasing company in advance, because some contracts expect the drives back. In that case an agreement on replacement or a destruction statement is the solution. Never let data leave the premises on a drive whose destination you do not know. A few days of planning in advance prevents you from making an unsafe choice under time pressure at handover.
On-site destruction or after collection?
Many organisations ask whether the servers are destroyed at their own location or only later at a fixed processing site. Both models exist. With destruction on site a shredding truck comes to you and you watch it happen, which is a requirement for some sectors. With the usual collection service the carriers go along under sealed and registered handover and are destroyed at a secure location, after which you receive the certificate with serial numbers. For most businesses that second model is sufficient, because the chain is closed and every carrier stays traceable until destruction. If you definitely want to be present, say so with the request, and we tailor the approach to that. The certainty lies not in where the shredder stands, but in the closed chain and the proof afterwards. Short arrival times in the Amsterdam region make both variants practical.
Environment and recycling of server hardware
A common concern is whether destruction is responsible for the environment. It certainly is. Servers contain a lot of steel, aluminium, copper and precious metals. After grinding, the metal particles are separated and recovered by a metal processor. The material from motherboards, power supplies and chassis gets a second life as raw material. So secure data destruction goes hand in hand with circular processing. You do not have to choose between security and sustainability, because destruction delivers both. The drives are unreadable and at the same time the material is not wasted. That is a more pleasant end picture than a server room full of decommissioned hardware slowly ageing while nobody does anything with it. For the chassis that hold no data, they can simply enter the recycling stream after the carriers have been destroyed.
What do you do with the servers until collection?
There can be time between when you retire equipment and the collection. Keep the servers in a locked place during that period, for example the server room itself or a lockable room that not everyone can reach. Keep a simple list of the serial numbers of the servers and the drives, so at collection you can check that everything goes along. Do not leave decommissioned servers with the ordinary waste and do not hand them to a random collector, because then you lose control of the data. Put the units together and label them, so the collection runs smoothly. That way you keep the chain closed from the moment of retirement to destruction.
Which other data carriers can come along?
A server is not the only carrier with sensitive data in a server room. In the same collection other data carriers can come along, so you handle everything in one go. Think of loose hard drives and SSDs, old backup tapes from the tape library, NAS devices, USB sticks and memory cards, through to decommissioned laptops and phones from the IT department. All these carriers are registered per item and destroyed to the right level. The advantage of combining is that you pay for the call-out only once and get a single certificate listing all the volumes. That stops a forgotten tape or USB stick with business data on it from being left somewhere. Before the collection make a short inventory of everything that holds data, so nothing accidentally goes back in the cupboard. Data destruction is only complete when every carrier has been taken, not just the obvious servers.
Common mistakes
- Only wiping the server and thinking it is done. Without physical destruction of the drives a risk remains.
- Overlooking the RAID drives. Data is spread across several carriers, so all drives must come along.
- Returning complete lease servers with data on them. Pull the drives and destroy them separately.
- Forgetting network gear. Firewalls and switches hold configurations and keys.
- Keeping no serial numbers. Without a list you cannot check afterwards what was destroyed.
- Destroying SSDs at too coarse a level. Choose H-5, so the chips really become unreadable.
- Not keeping the certificate. Without proof you can demonstrate nothing in an inspection.
Step by step to safe server destruction
- Inventory the equipment and note the serial numbers of servers, drives and network devices.
- Decide the approach, destroy only carriers or whole units.
- Decide the level, H-4 for HDD or H-5 for SSD and special data.
- Request a quote with the number and type of devices.
- Schedule the collection at your location within the service area.
- Keep the certificate with your GDPR records.
An example from practice
Suppose an IT manager at an SME moves to the cloud and is left with a server room holding eight rack servers, a storage array with twelve drives, two switches and a firewall. Some of the servers no longer boot, so wiping is not an option. On top of that there is customer data on the database servers, so demonstrable destruction is a must. The manager inventories all the equipment and notes the serial numbers. He requests a quote for server destruction at level H-5, because the storage array runs on SSD. Within a working day there is a fixed price per carrier and per unit, with no call-out fees because the office is in Amsterdam. On the agreed day the drives are removed, and all the carriers and the firewall go along in a sealed bin. The empty chassis go to recycling. A few days later the certificate is in the inbox, with each serial number neatly listed. The manager files it with the GDPR records. The server room is empty, the risk is gone and everything is demonstrably in order.
Have servers destroyed?
Give the number of servers, drives and network devices and the level you want. You get a fixed price per item in advance. We collect the equipment, destroy the carriers and you receive a data destruction certificate with all the serial numbers. No call-out fees within 20 km of Amsterdam.
Request a quoteFrequently asked questions
What does it cost to have servers destroyed?
The price depends on the number of servers and drives, whether you destroy whole units or only the carriers, the level you want and the distance. You pay per item by serial number, with a fixed price in advance and no call-out fees within 20 km of Amsterdam.
Is wiping a server enough at end-of-life?
No. A server holds several hard drives or SSDs on which data remains. Wiping is error-prone and often leaves data on faulty or smartly managed drives. Physical destruction of the drives is the only certain method.
Do the drives come out or can the whole server go?
Both are possible. The drives are removed and destroyed by serial number, or the whole unit goes through the shredder. On a lease return usually only the carriers are destroyed and the chassis goes back.
Do I get proof the servers were destroyed?
Yes. You receive a data destruction certificate with the date, the DIN level applied and the serial number of every destroyed carrier or unit.
Do you destroy network gear too?
Yes. Switches, routers and firewalls hold configurations and keys in flash memory. We take those along in the same collection and destroy them to the right level.
Can a data center with several racks be done in one go?
Yes. For a data center disposal with several racks we plan the logistics in advance. The removal, the haul-away and the destruction run in a closed chain, with a single certificate for all carriers.
Conclusion
Server destruction at the end of a server's life is the most certain way to destroy business data irreversibly. Wiping a server leaves remnants too often, certainly with RAID sets, faulty drives and SSDs. With physical shredding at the right DIN level you know for sure no sector or chip is readable any more. You pay per item by serial number, with a fixed price in advance and no call-out fees within the service area. The data destruction certificate makes it demonstrable afterwards that exactly your servers and drives were destroyed. So server destruction combines maximum security with conclusive proof and responsible recycling.
A price straight away? Request a quote via desnipperaar.nl or first read the technical background on servers and racks at end-of-life. You get a fixed price per item in advance, with no obligation.