Security isn’t a feature. It’s the foundation.
Every device that moves through Phobio is handled with rigorous, standards-backed security protocols. From the moment a device is received to the moment it leaves our custody, data protection and device integrity are non-negotiable.
R2v3 Certified
Phobio is an R2v3 (Responsible Recycling) certified facility — the electronics industry’s leading standard for responsible reuse, repair, and recycling. R2v3 certification mandates rigorous data security practices, environmental responsibility, and worker health and safety standards across our entire operation.
Learn more about R2v3 certification
Erasure before everything else
Every device we receive — regardless of make, model, or condition — undergoes a complete data erasure before any inspection, grading, or onward processing takes place. This isn’t a conditional step. It is the first step, every time.
We use NIST 800-88 or the equivalent HMG Infosec Standard to ensure that no residual data can ever be recovered from a device that passes through our hands. Both are government-backed frameworks built around the appropriate sanitization method —overwrite, cryptographic erase, or secure erase commands — as specified by NIST 800-88 based on device type and storage technology.
The standards we work to:
HMG Infosec Standard — United Kingdom Issued under the His Majesty’s Government (HMG) framework by CESG/NCSC — the UK’s National Cyber Security Centre — the HMG Infosec Standard defines how government and sensitive data must be sanitized before hardware is disposed of or reused. It is the UK’s direct counterpart to NIST 800-88 and is considered equivalent in scope and rigor.
Both standards use the overwrite approach: all addressable storage on a device is systematically overwritten, cryptographic erased, or secure erased through commands to render previous data permanently unrecoverable — even under forensic analysis. Phobio applies whichever standard is appropriate based on device origin or customer requirements.
How every device is handled
1. Intake and registration Every incoming device is logged into our chain-of-custody system. Serial number, IMEI (where applicable), and device condition are recorded at the point of receipt.
2. Immediate data erasure Before any grading or inspection begins, every device is fully wiped using NIST 800-88 or HMG Infosec-compliant methods. An overwrite pass is applied to all addressable storage, ensuring no personal, financial, or proprietary data remains.
3. Erasure verification and certification Erasure is verified and a certificate of data destruction is generated. This record is tied to the device’s serial number and is available to partners upon request.
4. Inspection and grading Only after erasure is confirmed does the device proceed to cosmetic and functional inspection. It is then assessed, graded, and routed for reuse, refurbishment, or responsible recycling.
5. Secure disposition All downstream processing follows R2v3 requirements — whether a device is resold, harvested for parts, or recycled. Environmental compliance and secure handling apply at every stage.
Why this matters for you or your organization
The devices your organization trades in often carry sensitive personal data, corporate credentials, proprietary files, and configuration information. A weak or inconsistent sanitization process isn’t just a compliance risk — it’s a direct security exposure.
Phobio’s approach means your security and compliance teams don’t have to take our word for it. Our adherence to named, government-backed standards — and the audit documentation we generate for every device — provides the evidence trail needed to properly close out every device retirement.
Whether you’re managing a fleet refresh, a one-time hardware transition, or an ongoing trade-in program, every device is handled the same way: fully erased first, verified, documented, and processed under one of the most rigorous device lifecycle frameworks available.
