Apple recommends cryptographic erasure. Basically, make sureFileVault is enabled, then reinstall macOS. Reinstalling macOS will destroy the decryption key for your organizations data if FileVault was enabled as well as randomly erasing/overwriting data. 

Encryption and Data Protection overview - Apple Support (GE)

I believe that assertation can be certified with 3rd party products. 
The recovery mode: remove volumes/delete deisk, then reinstall is fairly secure given SSD and not HDD. 
But I still am required to certify a wipe before destruction. We use https://www.blancco.com/

incidentally, we have to wipe and reinstall due to USB restrictions we push via JAMF, before we can use blancco to certify the wipe. 

Apologies for really late reply, but would you have any info on the JAMF integration? or are they two diferent processes? and is this all onsite over USB?

​@Wanderers7 I suggest that you open a new discussion as this one is 2 years old. However, the documentation below should answer your questions.

If you use the Wipe Device button in the device inventory record, Jamf sends the EraseDevice Command to the device. This working over the open internet or not is dependent on how your Jamf environment is configured. The EraseDevice command accomplishes cryptographic erasure which is sufficient to meet NIST 800.88 r2 requirements for data sanitization. 

• https://developer.apple.com/documentation/devicemanagement/erase-device-command
• https://learn.jamf.com/en-US/bundle/jamf-now-documentation/page/Erasing_a_Device_in_Jamf_Now.html
• https://support.apple.com/guide/deployment/erase-devices-dep0a819891e/web
• https://csrc.nist.gov/pubs/sp/800/88/r2/final

Yeah, but that doesnt really help with the Blancco integration piece, thanks anyway.

Blancco has no functional role in the Apple device erasure stack. The correct integration path is to not use it, Apple’s MDM framework already supports cryptographic erasure via the EraseDevice command, which meets the requirements of NIST SP 800-88 Rev. 2 for data sanitization.

Jamf issues this command through the device inventory record, and when received, macOS performs a secure wipe of all user data and cryptographic keys. This is equivalent to “Purge” level sanitization under NIST guidelines, assuming the device is supervised and FileVault is enabled.

If you're working with a recycler, it's important to understand that macOS does not support PXE boot or external USB-based mass erasure workflows like Windows. Apple Silicon and T2-equipped Macs require Secure Boot and external boot to be manually enabled, which most organizations disable for security. That means the device must be wiped via MDM before handoff, or the vendor will not be able to access recovery to perform any additional steps.

Blancco may be useful in Windows environments or for physical drive destruction workflows, but it is not architecturally relevant for macOS endpoints managed via MDM. If your compliance team is asking for Blancco integration, it is worth revisiting the platform-specific sanitization standards. Apple’s native cryptographic erase is sufficient, and third-party tooling does not enhance or validate that process.