a certificate that data was destroyed is absolutely worthless no matter who it comes from.
what kind of sorcery do they have to let them determine that no backups were taken before they arrived to "certify"?