When a company moves data and applications to new IT systems or a cloud-based service, the retired assets must be disposed of. IT asset disposition can fall under the broader term of electronics recycling. Items to be recycled may contain sensitive data that must be permanently destroyed in a way that avoids security breaches. Asset tracking, or chain of custody, must be maintained to ensure compliance with applicable internal procedures or third party guidelines, regulatory provisions, or safety and security policies.
In many instances, outsourcing the disposition of information technology assets is the most cost-effective option. A third party vendor specializing in data and equipment destruction, asset resale, or electronics recycling can perform all the necessary functions to ensure compliant disposition in the most efficient and secure way. There are three key qualities to look for in a company when searching for an asset disposition vendor:
Compliance Certifications for IT Recycling
A “certificate of recycling” does not ensure that the vendor will provide secure handling of your data assets and guarantee their disposal in compliance with all applicable regulations, including those relating to minimization of the environmental impact of IT asset recycling. The need for assurance and transparency led to the development of the e-Stewards and R2/RIOS certifications. These certifications require that the primary vendor, and all its associated vendors, have been audited to verify they perform equipment handling and recycling in full compliance with applicable regulations, they observe the highest standards with regard to data security, and they strive to achieve peak levels of workplace health and safety.
Adequate Insurance Coverage
The right insurance coverage for your asset disposition vendor will provide the peace of mind of knowing that even if all steps possible have been taken to minimize breaches and other risks during the course of electronics recycling, in the event something does occur, the potential financial impact will be mitigated by insurance. You will want to verify that the chosen vendor has three specific types of insurance: Errors & Omissions, Environmental Liability, and Data Breach. An additional policy or rider for data breach demonstrates the vendor’s commitment to data security and provides you with coverage for breach related expenses and losses. Always ask to see insurance certificates to verify that the vendor is covered in the event of a data breach or other serious security risk.
Optimal Standards & Practices for Data Sanitization
While security risks associated with data breaches usually occur due to system intrusion or company assets that are left unprotected and unsecured, there is a risk that sensitive and confidential data may be exposed to unauthorized access is through improper electronics recycling or disposal. Physical destruction of drives and data storage media in your building is often seen as the most secure process. Alternatively, resale provides a way for a company to recoup a portion of their IT investment. Data sanitization – using certified, reliable tools and a careful process – will remove data and allow the device to be reused.
In the US, one of the best ways to determine an IT recycling vendor’s compliance with best practices for data sanitization is through certification by the National Association for Information Destruction (NAID). NAID performs periodic audits and inspections to evaluate a vendor’s compliance with secure information handling procedures, and is the only third party association that certifies vendors in the area of effective data destruction.
Conclusion
Selecting the right electronics recycling vendor can be an easy decision once it has been determined that the vendor meets certain requirements with regard to certification in data destruction, environmental compliance, and adequate data breach insurance coverage. Do not compromise your company’s reputation or integrity, or take a chance of possible exposure to security risks and data breaches, by failing to thoroughly investigate an IT asset disposition firm when outsourcing electronics recycling, re-sale, or destruction.
For more information, please download Lifespan’s free 2013 Guide to Environmental Compliance in IT Asset Disposition.
