Deleting or sanitizing all data from a Datacom data area file

Article ID: 282227

Updated On: 04-18-2024

Products

Datacom, Datacom/AD, Datacom/DB

Issue/Introduction

Does LOAD with FORMAT=NONE ensure that all data is cleared from a data area? How do Department of Defense guidelines for multi-pass overwrites apply?

Is there a way to remove all data records from an area with no chance of recovery?

Resolution

The Department of Defense 5220.22-M standards, which included 1-pass, 3-pass and 7-pass methodologies, have essentially been replaced by the NIST 800-88 Rev 1 (2014) standards, which use the terminology Clear, Purge, and Destroy for logical and physical data destruction. The concept of "passes" that overlay the data on the platters belongs to technology that is more than 20 years old, and does not adequately deal with virtual hard drives, solid state drives, caching, and other common technology features.

NIST SP 800-88 is also the baseline embraced by IEEE and ISO for international data security standards, so we would like to explain Datacom functions within that scope.

Concerning data deletion or sanitization:

Using the DBUTLTY function LOAD with FORMAT=NONE is a useful and efficient method of clearing all user data from a Datacom/DB or Datacom/AD data area. By running this function with the SORT=1 parameter, the data area is cleared, and index and data pointers will be removed for this data area. As the LOAD with FORMAT=NONE will intentionally overwrite the contents of every data block, the original information is no longer available in the specified data areas. This will meet the CLEAR level of protection recommended by the US Department of Commerce National Institute of Standards and Technology Special Publication (SP) 800-88, Revision 1, Guidelines for Media Sanitization, which is the primary erasure process for government, military and enterprise.

We recommend that, if possible, the DBUTLTY function of LOAD with FORMAT=NONE be combined with the INIT function for both the Index and Data areas. Using INIT for both the index and data areas together with LOAD with FORMAT=NONE will reset the entire database to its original format. However, if the Index area cannot be INIT'ed because other data areas in this database are in use, INIT of the desired data area along with the LOAD with FORMAT=NONE will be sufficient to reset this data area to its original state while preserving the other data areas in the database. If a further level of erasure is needed for this data area, we recommend that the data area file be deleted from the z/OS catalog, and then reallocated, initialized, and loaded with FORMAT=NONE so your applications are able to continue with processing.

If you still want to use some multi-pass process to accomplish the DoD 5220.22-M standards, you would need to write your own program that overlays the entire file with all x'00' to completely fill the allocated space, then run it again to overlay the whole file with x'FF', and then run it a third time to overlay the whole file with random characters. You could then follow this with the DBUTLTY INIT and LOAD/FORMAT=NONE to continue processing. There might be some utility provided by your disk hardware manufacturer to help with this, as an application program might not be able to easily perform these writes at a level beyond a logical record.
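The three-pass sequence described above, as an added example that is not Broadcom or Datacom code. It assumes the target is an ordinary byte-stream file reachable through the file system (the function names `overwrite_pass`, `verify_fill` and `three_pass_overwrite` are hypothetical); a z/OS data set would need the same logic written against its own access method, and the writes still happen at the logical level the article warns about.

```python
import os

CHUNK = 1 << 20  # write in 1 MiB chunks so large files never need to fit in memory

def overwrite_pass(path, make_chunk):
    """Overwrite every byte of path in place without changing its allocated size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:           # r+b: no truncation, no reallocation
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            f.write(make_chunk(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())                # push this pass to the device before the next
    return size

def verify_fill(path, value):
    """Read the file back and confirm every byte equals value (0-255)."""
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return True
            if block.count(value) != len(block):
                return False

def three_pass_overwrite(path):
    """Pass 1: x'00', pass 2: x'FF', pass 3: random. Returns bytes written per pass."""
    size = overwrite_pass(path, lambda n: bytes(n))
    if not verify_fill(path, 0x00):
        raise IOError("pass 1 (x'00') verification failed")
    overwrite_pass(path, lambda n: b"\xff" * n)
    if not verify_fill(path, 0xFF):
        raise IOError("pass 2 (x'FF') verification failed")
    overwrite_pass(path, os.urandom)        # random pass cannot be verified by value
    return size

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a scratch file standing in for the allocated space.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"CUSTOMER-RECORD-0001" * 1000)
    print(three_pass_overwrite(tmp.name), "bytes overwritten per pass")
    os.remove(tmp.name)
```

The read-back after the first two passes only proves what the file system returns; it says nothing about caches, remapped blocks or copies held below the logical level.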