Most companies IT asset disposition programs are often overlooked. A formal security policy and responsible technology recycling should play a key part in your risk management strategy. It is even more important that you know what steps your IT asset disposal (ITAD) vendor is taking to ensure your company is fully protected. Lack of due diligence leaves your company vulnerable to data security issues (data breaches), compliance issues with regards to your industries regulations, possible environmental violations, and so forth. So ask yourself, what steps are being taken by your vendor to ensure your assets are protected?
A data breach can cost your company tens of thousands to millions of dollars in fines and legal fees. It can also leave your companies image tarnished with bad publicity once it reaches media outlets. I have mentioned this before; the best offense is a good defense. To greatly reduce the risk of a data breach you must partner with someone who has a third-party certification. There are two major certifications to look for, the first is ISO/IEC 27001 certification, and the second is certification from the National Association for Information Destruction (NAID). Having either of these certifications means that your vendor is not only taking the necessary steps to ensure secure data destruction, but their process is under yearly review and audit.
Certified Electronics Recycling- Did you know that your company is responsible for their electronic assets until end of life? If your vendor is disposing of your electronics improperly you can (and will) still be held liable. Like above, the best way to ensure proper electronics recycling is to use a vendor with the proper certifications.
Detailed Reporting- In order to keep track of your assets and have proof of your sensitive data destruction it is important that your vendor provides proper documentation. These reports should come in the form of a certificate of destruction and a detailed inventory report; the good ones will provide a physical copy an online portal where they can be accessed 24/7. They should also be able to provide green reports to show the environmental impact that your responsible recycling is having.
Vendor Coverage- What happens if something goes wrong? What if your vendor has your assets or data stolen from them? These can be scary questions to ask and answer. But, if your vendor has taken all the proper precautions they will have financial coverage to handle these potential situations. They should have insurance coverage that included protections from errors and omissions, environmental, and most importantly data breach. This helps to cover any financial burdens your organization could face, but it also shows your vendors dedication to their trade and your protection. If you aren’t sure what coverage your vendor has, ASK THEM! They should be more than willing to provide their certificates to you to show the level of service you are receiving.
The right vendor can make the IT asset disposition portion of your risk management strategy a breeze, but it will take a little research and a few questions. For statistics on data breaches and more information on certifications and compliance visit our Knowledge Center.
TechR2 is a leading provider for secure onsite data eradication and technology retirement solutions. We are ISO 27001 certified, ISO 14001 certified, ISO 9001 certified, and OHSAS 18001 certified.