ITAD (IT Asset Disposition) is something that can rarely be done in-house, and so it is imperative that whichever service provider you choose to manage it for your business is adequately qualified and wholly prepared to undertake the task as comprehensively as possible. This blog aims to help you understand what you should look for in an ITAD provider, and what each relevant certification in the industry means.
Why do Certifications Matter in ITAD?
Certifications matter when it comes to ITAD as there are a myriad of risks that can occur if it is done improperly. This includes compliance violations, data breaches, and environmental harm. All of these can be extremely harmful to a business’ reputation, and can even spell the end of a business if financial penalties are harsh enough.
Certifications provide third-party validation that a provider is well qualified in ITAD practices and that they follow the best practices for the industry, as well as adhere to any legal obligations.
Briefly speaking, ITAD certifications are a good indication that you can trust a provider to:
- Enact secure data destruction
- Hold responsibility over their environmental impact
- Comply to regulations and legislation
- Offer transparency over their operations.
ITAD Certifications: R2v3 (Responsible Recycling Standard)
R2v3 is one of the most well-recognised certifications for electronic recycling, and focuses primarily on the safe reuse, recycling and disposal of electronics.
To meet the certification criteria of R2v3, ITAD providers must enact and prove they have strict standards around data security, the environmental impact of their operations, and the safety of their workers.
R2v3 doesn’t just ensure that e-waste is processed responsibly, but also reduces the risk of unsafe recycling and the illegal export of electronics.
Procurri’s Canada facilities are all R2v3 accredited.
IT Certifications: NAID AAA
NAID AAA is a specific data security certification offered by i-SIGMA (International Secure Information Governance & Management Association). Its principles cover both the physical destruction of electronics and data sanitization, and focuses on the security of data-bearing devices.
NAID AAA is considered a particularly stringent certification as it includes both scheduled and surprise audits for those accredited; so there is absolutely no room for error for ITAD providers.
Procurri is fully NAID AAA certified.
IT Certifications: ADISA
One of the most ITAD-specific certifications is ADISA. It’s an independent standard that verifies ITAD providers follow strict data security and environmental practices.
ADISA regularly audits processes for securely wiping or destroying data, protecting sensitive information, and responsibly recycling equipment; and is considered one of the best indicators of a trustworthy and compliant ITAD provider.
Procurri’s UK-based ITAD facilities are ADISA certified.
ITAD Certifications: ISO Standards
ISO (International Organization for Standardization) standards are internationally agreed guidelines to ensure the safety, reliability and consistency of products, services and systems. ISO provides a range of frameworks for quality, safety, efficiency, and interoperability across industries to help organizations improve processes.
ISO 27001 – Information Security
ISO 27001 is the international standard for ISMS (Information Security Management Systems). This links in to ITAD as the devices being handled by service providers may contain sensitive data; so an ITAD provider holding this certification can demonstrate they follow the strictest possible controls.
ISO 14001 – Environmental Management
The standard for EMS (Environmental Management Systems), ISO 14001, helps ensure that all e-waste is handled properly and in a way that reduces its environmental impact. ITAD providers who are able to prove they have ISO 14001 standard can be considered reliable for CSR (Corporate Social Responsibility) and sustainability commitments.
ISO 9001:2015 – Quality Management
The international standard for QMS (Quality Management Systems), ISO 9001:2015 specifies requirements for quality management, to ensure that organizations meet regulatory requirements in the products and services they provide, as well as working to continually improve processes. For ITAD providers, holding this standard means that they’re able to demonstrate they always use the most appropriate, sustainable and newest technologies available to them, as relevant for your e-waste.
ISO 45001 – Occupational Health and Safety
ISO 45001 ensures that safe working practices are followed within ITAD facilities. By its nature, there are several hazardous aspects to working in such facilities, including being around hazardous materials, dangerous machinery and electronic debris. ISO 45001 is an absolute must for ITAD providers – as without it, they may not be able to guarantee the safety of their workers.
Procurri adheres to all of the above ISO standards.
Additional Compliance Standards for ITAD Providers
There are a variety of other compliance frameworks that ITAD providers can or must adhere to; some legally required, some voluntary. As regulations rather than certifications, reputable ITAD providers will always work to adhere to them and operate with compliance. Such standards include:
- GDPR (General Data Protection Regulation) for European businesses – a European Union law that instils strict regulations for the collection, usage and storage of data for both security and transparency. This gives individuals the rights over their own data, and applies to any organization holding such data of any EU resident. Penalties for non-compliance are strict.
- WEEE (Waste Electrical and Electronic Equipment) Directive for European businesses – another EU law that promotes recycling, reuse and responsible disposal of electrical and electronic equipment in order to reduce e-waste. WEEE requires producers to finance collection and treatment systems, encourages environmentally friendly product design, and helps prevent hazardous materials from harming human health and the environment.
- RoHS (Restriction of Hazardous Substances) Directive for European businesses – another EU law limiting hazardous materials in electrical and electronic equipment, such as lead, mercury, and cadmium. RoHS aims to protect both human health and the environment, encourage safer manufacturing, and requires manufacturers to ensure products sold in the EU comply with strict substance restrictions. For ITAD providers who handle any such substances in devices they are processing, adherence to RoHS is a legal necessity.
What to Ask a Potential ITAD Provider
It’s important to feel confident that your chosen ITAD provider will do a thorough and secure job of asset disposal when the time arises – and that your organization is not put at any risk by using them. At Procurri, we always recommend verifying certifications rather than taking such claims at face value – particularly if the package prices being offered are very low, or the provider operates from a country or territory you’re unfamiliar with. As a rule of thumb, it’s sensible to ask:
- Can the ITAD provider supply copies of their current certification documents?
- How often does the ITAD provider perform audits, and are these internally or externally conducted?
- Does the ITAD provider’s certifications cover all of the sites that will process your assets, or just some?
- Which data destruction methods does the ITAD provider use?
There are several warning signs to look out for when compiling the information required to choose an appropriate ITAD provider. These include:
- Claims of certification without proof
- Expired or outdated certifications – these do not provide assurance for current operations
- Supply chain outsourcing that isn’t transparent – it’s important to know if the ITAD provider is processing your assets themselves or passing it on
- A lack of documented chain of custody
- Claims that no guarantee can be given for the removal of data.
So, what do Procurri offer for ITAD?
Procurri boasts unrivalled expertise in ITAD, with all of the abovementioned certifications and standards in place.
Our ITAD solutions are designed to help you manage your end-of-life IT assets securely and responsibly. We offer secure data erasure, certified data destruction, and environmentally friendly disposal methods to ensure your sensitive information remains protected throughout the asset lifecycle. Our experienced team will guide you through the entire ITAD process, from asset tracking and collection to asset remarketing and recycling.
Procurri uses only the highest standard of data destruction tools, and offers entirely secure transportation and processing facilities, so customers can rest assured that all data-bearing devices are processed with the utmost security in mind.
What’s more, we can even offer ITAD to create a revenue stream for your organization – through the use of any salvageable parts for recycling or refurbishment; selling them onward through our hardware channel. This means that what so often is considered an end-of-life expenditure can actually generate some finances back, and helps contribute toward sustainability goals by reducing overconsumption and promoting recyclability: a win-win!
Want to talk through what we offer and how we regulate and control our ITAD processes? Get in touch with the team today!
