HMG IS5 Explained: The UK Government Erasure Standard

If you operate in the UK or handle data subject to UK government requirements, you have likely encountered references to HMG IS5 in procurement contracts, NHS policies, or IT disposal procedures. HMG IS5 — His Majesty's Government Infosec Standard 5 — is the UK government's framework for securely erasing data from storage media. Understanding what it actually requires, where it applies, and how it compares to international standards like NIST 800-88 can save you from both over-engineering your erasure process and falling short of compliance expectations.

Key Takeaways:

  • HMG IS5 defines two levels: Baseline (single-pass overwrite) and Enhanced (three-pass overwrite with verification)
  • The standard was designed for magnetic hard drives (HDDs) — it does not adequately address SSDs or flash storage
  • The UK's NCSC now provides updated, technology-aware guidance that supplements HMG IS5
  • HMG IS5 Baseline aligns with NIST 800-88 Clear, while Enhanced resembles the obsolete DoD 5220.22-M approach
  • Following HMG IS5 with proper documentation supports GDPR and UK Data Protection Act compliance

What Is HMG IS5?

HMG IS5 stands for His Majesty's Government Infosec Standard 5 (originally "Her Majesty's" under the previous monarch). It is part of a series of information security standards developed for UK government departments and agencies to follow when handling classified and sensitive information. Standard 5 specifically addresses the secure sanitization of storage media — how to erase data so it cannot be recovered.

The standard was developed within the UK government's protective marking scheme, which classifies information into tiers: OFFICIAL, SECRET, and TOP SECRET (a system that replaced the older RESTRICTED, CONFIDENTIAL, SECRET, and TOP SECRET markings in 2014). HMG IS5 maps its erasure requirements to these classification levels, prescribing stronger sanitization methods for more sensitive data.

Unlike the U.S.-based NIST 800-88, which takes a flexible risk-based approach, HMG IS5 is prescriptive. It tells you exactly how many overwrite passes to perform and what data patterns to write. This makes it straightforward to implement but less adaptable to modern storage technologies that did not exist when the standard was written.

HMG IS5 remains widely referenced across UK government IT contracts, NHS Digital disposal policies, local council IT procedures, and UK-based managed service providers handling public sector data. Even organizations outside the government sector sometimes adopt it as a recognized benchmark when operating under UK data protection regulations.

HMG IS5 Baseline vs. Enhanced

HMG IS5 defines two distinct levels of data sanitization, each suited to different data sensitivity classifications.

HMG IS5 Baseline — Single-Pass Overwrite

The Baseline level performs a single overwrite pass across all addressable locations on the drive, writing zeros to every sector. After the overwrite completes, the process verifies that the write operation was successful by reading back the drive contents and confirming the expected pattern is present.

When to use Baseline:

  • Media that held data classified as OFFICIAL or below
  • Internal drive redeployment within the same organization
  • Non-sensitive operational data that does not require enhanced protection
  • Situations where drives will be reused in a similarly trusted environment

Baseline is the faster option. On a 1TB hard drive, a single verified overwrite pass typically takes 2 to 4 hours depending on the drive's write speed. It provides adequate protection against data recovery using standard software tools and commercial recovery services.

HMG IS5 Enhanced — Three-Pass Overwrite

The Enhanced level performs three sequential overwrite passes, followed by a verification read-back:

  1. Pass 1: Overwrite all addressable sectors with zeros (0x00)
  2. Pass 2: Overwrite all addressable sectors with ones (0xFF)
  3. Pass 3: Overwrite all addressable sectors with random data
  4. Verification: Read back the drive to confirm the final pass completed successfully

When to use Enhanced:

  • Media that held data classified as SECRET or above
  • Drives leaving organizational control entirely (sale, donation, third-party disposal)
  • Situations where an additional margin of safety is required by policy
  • Contracts or procurement specifications that explicitly require Enhanced-level sanitization

Enhanced takes roughly three times longer than Baseline. For a 1TB hard drive, expect 6 to 12 hours. The three-pass approach follows the same logic as the DoD 5220.22-M method — alternating patterns designed to address potential data remanence on magnetic platters.
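The Baseline and Enhanced sequences described above, with read-back verification, shown as an added example (not code from the standard or from any tool named on this page). It runs against a file-backed image rather than a real drive; `sanitize`, `make_image` and the `fault` hook are hypothetical names, and the random pass is verified by hashing the bytes as they are written and comparing that hash with the read-back.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB I/O unit
# Pass patterns as listed in the article; None stands for the random-data pass.
LEVELS = {"baseline": [0x00], "enhanced": [0x00, 0xFF, None]}


def write_pass(path, size, pattern):
    """Overwrite every byte of the target; return SHA-256 of the bytes written."""
    digest = hashlib.sha256()
    with open(path, "r+b") as f:
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            block = os.urandom(n) if pattern is None else bytes([pattern]) * n
            f.write(block)
            digest.update(block)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the pass to the medium before the next one
    return digest.hexdigest()


def read_digest(path):
    """Read the whole target back; return (SHA-256, byte count)."""
    digest, total = hashlib.sha256(), 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            digest.update(chunk)
            total += len(chunk)
    return digest.hexdigest(), total


def sanitize(path, level, fault=None):
    """Run the passes for `level`, verify the final pass, return an erasure record.

    `fault` is a hypothetical test hook called before verification to simulate
    a region that did not keep the final write (e.g. a failing drive).
    """
    size = os.path.getsize(path)  # image file; a block device reports size differently
    passes = []
    for number, pattern in enumerate(LEVELS[level], start=1):
        name = "random" if pattern is None else f"0x{pattern:02X}"
        passes.append({"pass": number, "pattern": name,
                       "sha256": write_pass(path, size, pattern)})
    if fault:
        fault(path)
    # On real hardware the read-back must bypass the page cache, or it only
    # confirms what the OS buffered rather than what the platters hold.
    read_back, total = read_digest(path)
    verified = total == size and read_back == passes[-1]["sha256"]
    return {"level": level, "bytes": size, "passes": passes, "verified": verified}


def make_image(size=3 * CHUNK + 512):
    """Constructed sample 'drive': a temp file filled with a recognisable marker."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write((b"PATIENT-RECORD;" * (size // 15 + 1))[:size])
    return path
```

A record with `verified: False` corresponds to the damaged-drive case: the overwrite cannot be relied on and the media should go to physical destruction.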

When Neither Level Is Sufficient

Both HMG IS5 levels are overwrite-based methods designed for traditional magnetic hard drives. They are not appropriate for:

  • SSDs and NVMe drives — Wear leveling, over-provisioning, and controller-managed areas mean overwriting cannot reach all data locations on solid-state storage. Firmware-level commands (ATA Secure Erase, NVMe Sanitize, cryptographic erase) are required instead.
  • Damaged or failing drives — If a drive has bad sectors or cannot complete a full overwrite, the standard cannot be reliably applied. Physical destruction is the appropriate response.
  • TOP SECRET data — UK government policy for TOP SECRET material typically requires physical destruction (disintegration, incineration) regardless of the media type.

Bottom Line: For most UK organizations handling government or public sector data on traditional hard drives, HMG IS5 Baseline is sufficient for OFFICIAL-level data, and Enhanced provides the additional assurance needed for SECRET-level data. But if you are working with SSDs — which make up the majority of drives in modern devices — you need to look beyond HMG IS5 to the NCSC's current guidance or NIST 800-88 Purge-level procedures.

How HMG IS5 Compares to NIST 800-88

HMG IS5 and NIST 800-88 address the same fundamental problem but approach it differently. Here is how they compare:

| Criteria | HMG IS5 | NIST 800-88 Rev. 2 |
|---|---|---|
| Origin | UK Government | U.S. National Institute of Standards and Technology |
| Approach | Prescriptive — specific pass counts and patterns | Risk-based — Clear, Purge, Destroy levels |
| HDD coverage | Yes — primary focus | Yes — comprehensive guidance |
| SSD coverage | No — designed before SSDs were common | Yes — firmware-level commands for Purge |
| NVMe coverage | No | Yes (expanded in Rev. 2, September 2025) |
| Lowest level | Baseline: 1-pass zeros + verify | Clear: 1-pass overwrite + verify |
| Mid level | Enhanced: 3-pass + verify | Purge: firmware-level commands |
| Highest level | Physical destruction (policy, not in IS5) | Destroy: physical destruction methods defined |
| Certification | Not specified in standard | Recommends documentation and certificates |
| International recognition | Primarily UK and Commonwealth | Global — referenced by regulators worldwide |
| Last major update | Legacy standard (NCSC guidance supplements it) | September 2025 (Rev. 2) |

The practical overlap is significant. HMG IS5 Baseline is functionally equivalent to NIST 800-88 Clear for HDDs — both require a single verified overwrite. HMG IS5 Enhanced produces a similar outcome to the obsolete DoD 5220.22-M three-pass method, though NIST research has shown the additional passes are unnecessary for modern magnetic drives.

The key difference is scope. NIST 800-88 covers the full range of modern storage technologies and offers flexibility through its risk-based framework. HMG IS5 is narrower, focusing on overwrite procedures for magnetic media. For any organization working with SSDs, NVMe drives, or flash-based storage, NIST 800-88 (or the NCSC's updated guidance) is the necessary reference — HMG IS5 simply does not address these technologies.

For a complete breakdown of the NIST framework, see our NIST 800-88 explainer.

UK Compliance Context: GDPR, NHS, and the Data Protection Act

HMG IS5 does not exist in isolation. It sits within a broader UK regulatory landscape that governs how organizations must handle and dispose of personal and sensitive data.

GDPR and the UK Data Protection Act 2018

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 require organizations to erase personal data when it is no longer needed for its original purpose, when a data subject exercises their right to erasure, or when consent is withdrawn. Neither regulation specifies a particular erasure standard — they require "appropriate technical and organisational measures" to protect personal data.

In practice, following HMG IS5 with documented verification provides strong evidence of appropriate technical measures. The ICO (Information Commissioner's Office) has not prescribed specific erasure methods, but an organization that can demonstrate it followed a recognized standard and retained certificates of erasure is in a much stronger position during an audit or breach investigation than one that simply "formatted the drives."

NHS and Healthcare Data

The NHS requires organizations handling patient data to follow specific disposal procedures. NHS Digital's Data Security and Protection Toolkit references HMG IS5 and NCSC guidance for media sanitization. Healthcare data falls under both the UK GDPR and the common law duty of confidentiality, making proper data erasure a legal obligation rather than a best practice.

For NHS trusts and healthcare providers, this typically means:

  • HMG IS5 Enhanced (or equivalent) for drives that held patient records
  • Certificates of erasure retained as part of the information governance audit trail
  • Physical destruction for drives that cannot be reliably overwritten
  • Third-party IT asset disposal contractors must demonstrate compliance with these standards

UK Government and Public Sector

Central government departments, local councils, and public sector organizations follow the Government Security Classifications Policy. Media holding OFFICIAL data must be sanitized to at least HMG IS5 Baseline before reuse or disposal. Media holding SECRET or TOP SECRET data has stricter requirements, often involving Enhanced-level erasure or physical destruction, depending on the specific departmental security policy.

Procurement contracts for IT disposal services in the public sector frequently specify HMG IS5 compliance as a requirement, often alongside ADISA (Asset Disposal and Information Security Alliance) certification for the disposal vendor.

The NCSC's Updated Guidance

The National Cyber Security Centre (NCSC), which replaced CESG as the UK government's technical authority on information security, publishes its own "Secure Sanitisation of Storage Media" guidance. This guidance is more current than HMG IS5 and addresses modern storage technologies:

  • For HDDs, the NCSC confirms that a single overwrite pass is sufficient — aligning with NIST 800-88 and effectively endorsing the HMG IS5 Baseline approach
  • For SSDs and flash storage, the NCSC recommends using built-in secure erase functions (cryptographic erase where available) or physical destruction
  • For mobile devices, the NCSC provides device-specific factory reset guidance
  • The NCSC emphasizes verification and documentation regardless of the method used

If you are setting up a new data destruction process in the UK, the NCSC guidance is the best starting point. It incorporates the spirit of HMG IS5 while accounting for the realities of modern hardware.

Which Tools Support HMG IS5?

Most professional data erasure software includes HMG IS5 Baseline and Enhanced as selectable overwrite methods. Here are the tools best suited for organizations needing HMG IS5-compliant erasure:

BitRaser Drive Eraser

BitRaser supports both HMG IS5 Baseline and Enhanced overwrite patterns, along with 20+ other international erasure standards. It generates tamper-proof certificates of erasure that document the standard used, the drive serial number, and the verification result — exactly the documentation UK organizations need for GDPR and NHS compliance audits. BitRaser is the strongest option for organizations needing audit-ready evidence.

KillDisk

KillDisk offers HMG IS5 among its supported erasure methods. Available in both free and professional editions, KillDisk can create bootable media for erasing drives outside of the operating system. The professional edition provides certificate generation and centralized reporting suitable for enterprise deployments.

Parted Magic

Parted Magic is a bootable Linux environment that includes disk erasure tools supporting HMG IS5 patterns. It also provides direct access to ATA Secure Erase and NVMe Sanitize commands for SSDs — making it a versatile option for organizations dealing with mixed HDD and SSD environments. At a one-time purchase price, it is cost-effective for smaller organizations.

Free Alternatives

DBAN (Darik's Boot and Nuke) supports custom overwrite patterns that can replicate HMG IS5 Baseline and Enhanced, though it does not generate formal certificates. ShredOS/nwipe offers similar overwrite capabilities with open-source transparency. Both are HDD-only tools and do not support SSD firmware commands.

For a complete comparison, see our best data erasure software roundup.

What This Means for You

Your approach to HMG IS5 depends on your specific situation:

If You Work in UK Government or Public Sector

HMG IS5 is likely referenced in your department's security policies and your IT disposal contracts. Follow Baseline for OFFICIAL data and Enhanced for SECRET data. Make sure your disposal process generates certificates, and retain those certificates as part of your information governance records. For SSDs, supplement HMG IS5 with NCSC guidance — use firmware-level erase commands or physical destruction.

If You Work in UK Healthcare (NHS)

Patient data requires Enhanced-level erasure at minimum. Use a tool that generates certificates, and ensure your IT asset disposal contractor is ADISA-certified. Keep certificates linked to specific asset records in your IT asset management system. The Data Security and Protection Toolkit audit will ask for evidence of secure disposal.

If You Are a UK-Based Business

You are not legally required to follow HMG IS5 unless your contracts specify it. However, adopting it as your internal standard provides a defensible position for GDPR compliance. HMG IS5 Baseline (a single verified overwrite) is sufficient for most business data on HDDs. For SSDs, follow the NCSC guidance or NIST 800-88 Purge procedures. Document everything — the ICO cares about evidence of process, not which specific standard you chose.

If You Are Outside the UK

HMG IS5 is primarily relevant within the UK. If you are working with a UK client or partner who references it, now you know what they are asking for. Otherwise, NIST 800-88 is the more universally recognized framework that regulators worldwide accept. See our complete guide to data erasure standards for a full comparison.

If You Are Erasing SSDs

HMG IS5 does not apply. Full stop. No number of overwrite passes can reliably erase an SSD due to wear leveling and over-provisioned storage areas. Use ATA Secure Erase, NVMe Sanitize, or cryptographic erase commands instead. Our guide to wiping a hard drive covers the correct procedures for both HDDs and SSDs.

Frequently Asked Questions

What is HMG IS5?

HMG IS5 (His Majesty's Government Infosec Standard 5) is the UK government's standard for secure data sanitization. It defines two overwrite levels — Baseline (one pass of zeros with verification) and Enhanced (three passes with verification) — and is used across UK government departments, the NHS, and public sector organizations handling sensitive data.

What is the difference between HMG IS5 Baseline and Enhanced?

HMG IS5 Baseline performs a single overwrite pass with zeros followed by verification. It is intended for data classified as OFFICIAL or below. HMG IS5 Enhanced performs three overwrite passes — zeros, then ones, then random data — followed by verification. Enhanced is required for higher-sensitivity data classified as SECRET or above.

Is HMG IS5 still used in the UK?

Yes. While the NCSC now publishes updated secure sanitization guidance that covers modern storage technologies, HMG IS5 remains widely referenced in UK government procurement contracts, NHS data handling policies, and public sector IT disposal requirements. Many data erasure tools still list HMG IS5 as a supported standard.

Does HMG IS5 work for SSDs?

No. HMG IS5 was designed for magnetic hard drives. Overwriting does not reliably erase SSDs because wear leveling and over-provisioned storage areas prevent the overwrite from reaching all data locations. For SSDs, the NCSC recommends cryptographic erase or physical destruction. NIST 800-88 Purge-level firmware commands are the appropriate approach for solid-state media.

How does HMG IS5 compare to NIST 800-88?

Both standards address secure data erasure but take different approaches. NIST 800-88 uses a risk-based framework with three levels (Clear, Purge, Destroy) covering all media types. HMG IS5 is prescriptive, specifying exact overwrite patterns for HDDs. HMG IS5 Baseline aligns roughly with NIST 800-88 Clear, while HMG IS5 Enhanced resembles the obsolete DoD 5220.22-M three-pass approach. NIST 800-88 has broader international recognition and covers SSDs.

Do I need to follow HMG IS5 for GDPR compliance?

GDPR does not mandate a specific erasure standard. However, UK-based organizations often reference HMG IS5 or NCSC guidance to demonstrate compliance with GDPR's data erasure requirements. Using a recognized standard with documented verification provides evidence of "appropriate technical measures" as required by the regulation. The standard you follow matters less than having a documented, verifiable process.

Is HMG IS5 Enhanced the same as DoD 5220.22-M?

They are very similar but not identical. Both use a three-pass overwrite approach with comparable patterns. HMG IS5 Enhanced specifies passes of zeros, ones, and random data. The DoD 5220.22-M method historically specified a similar sequence. The practical security outcome is equivalent — both were designed for magnetic media, and both apply more overwrite passes than NIST research shows is necessary for modern HDDs.

What tools support HMG IS5 erasure?

Several professional data erasure tools support HMG IS5 Baseline and Enhanced overwrite patterns, including BitRaser, KillDisk, and Parted Magic. When selecting a tool, look for one that generates a certificate of erasure documenting the HMG IS5 method used, the drive serial number, and the verification result.

What does the NCSC recommend instead of HMG IS5?

The UK National Cyber Security Centre publishes "Secure Sanitisation of Storage Media" guidance that takes a modern, technology-aware approach. It covers HDDs, SSDs, flash media, and mobile devices with specific recommendations for each type. For HDDs, the NCSC confirms that a single overwrite is sufficient. For SSDs, it recommends firmware-level erase commands or physical destruction. The guidance aligns more closely with the NIST 800-88 risk-based framework.

Is one overwrite pass really enough for a hard drive?

Yes. Research referenced by both NIST and the NCSC confirms that a single complete, verified overwrite renders data unrecoverable on modern hard drive technology using any known recovery method. The multi-pass approaches in HMG IS5 Enhanced and DoD 5220.22-M were designed for older magnetic encoding methods (MFM, RLL) that have not been used in drives for over two decades. A single verified pass meets current best-practice recommendations.

The Bottom Line

HMG IS5 remains a valid and widely referenced standard for erasing data from hard drives in UK government, NHS, and public sector contexts. Use Baseline for OFFICIAL data and Enhanced for SECRET data. For SSDs, move beyond HMG IS5 to the NCSC's current guidance or NIST 800-88 Purge procedures. Whichever method you use, document the process and retain certificates — that evidence is what regulators and auditors actually want to see.


Last updated: February 2026. We regularly review and update our guides to ensure accuracy.
