Imagine waking up to discover your company had an intense data breach of confidential client information. Your data is now dispersed across the illicit market, your stock price has tanked, and your company is now in legal trouble. The biggest kicker, it was entirely preventable.
You are now trying to wrap your head around where the security breach happened. You discover that your ITAD provider did not wipe your hard drives before re-selling. You are perplexed given they have lots of experience in the industry until you discover they held zero reputable ITAD certifications. The most important question you’re asking yourself now is if I hired a certified provider would the data breach still have occurred? There’s always a possibility regardless of the amount of experience or certifications an ITAD provider holds that there is a data breach. If they say otherwise, take that as a red flag because ITAD companies can never guarantee zero data breaches. However, working with a certified ITAD company and doing your due diligence can prevent any risks, including data security, that your company may face.
Now you’re asking, how do I do my due diligence in the future to give my company the best fighting chance at avoiding future incidents? By following one simple rule. Always check to see if the company is certified with industry standards and matches all your regulatory compliance needs. Most ITAD companies have their certifications displayed on their website or are displayed on the certifications’ websites. However, again you are thinking, I understand I need to have a certified ITAD company, but which certifications matter and are reputable in the industry?
Here's a breakdown of the top certification classes all ITAD companies should have:
Data Protection Standards
- Data Protection based standards ensure that consumer data is safe and secure by complying with industry regulations.
- NAID AAA or ADISA 8.0
- NAID AAA: Audits must be conducted for certification. The AAA represents completing the audit and complying with NAID’s rigorous standards. The certification ensures the company adheres to the highest security and ethics standards.
- ADISA 8.0: A leading certification for data protection, compliance, and risk management in the U.K., ensures data is protected by a secure sanitization process.
- NAID AAA or ADISA 8.0
Responsible Recycling Standards
- Responsible Recycling standards encompass responsible data sanitization, reuse, and recycling of electronics for maximum product lifespan and the standardization of end-of-life processes for IT assets.
- R2v3 or E-Stewards
- R2v3: requires periodic audits and to also be certified in management systems standards including ISO 9001, ISO 14001, and ISO 45001.
- E-Stewards: requires to be certified in NAID AAA and a management system standard - ISO 14001 or RIOS.
- R2v3 or E-Stewards
Management System Standards
- Management System standards provide the standardization for operations and push for the improvement of the quality and consistency of processes and products.
- ISO 9001 (Quality Management)
- Ensures consistent, quality services and products are provided to customers.
- ISO 14001 (Environmental Management)
- Ensures that the company’s environmental impact is being actively measured and improved.
- ISO 45001 (Occupational Health and Safety)
- Requires substantial improvements to workplace structure and processes for safer working conditions and lower risks to employees.
- RIOS
- This certification combines ISO 9001, ISO 14001, and ISO 45001 mentioned in one single integrated management system.
- ISO 9001 (Quality Management)
Social and Environmental Standards
- Social and Environmental standards amplify the consistency, transparency, and accountability of all decision-making processes while mitigating adverse impacts on the people and the environment.
- B Corporation
- Ensures a company balances profit and purpose by meeting the highest standards for verified social and environmental performance.
- B Corporation
With the knowledge of what equates to an industry-leading certification, you are now one step closer to ensuring your future ITAD providers satisfy all your regulatory compliance needs. Although an ITAD provider can never guarantee zero data breaches, checking their certifications and processes ensures you are doing your due diligence and giving your company the best fighting chance at avoiding another incident. DMD Systems Recovery Inc. (DMD) is certified in NAID AAA, R2v3, ISO 9001, ISO 14001, ISO 45001, and B Corporation. Choosing DMD, a certified ITAD provider means choosing stricter data protection, responsible recycling, management systems, and social and environmental standards.
COMMENTS