ITAD Vendor Standards: Beyond Certifications
In today’s tech world IT security is a known priority. While manufacturers and software developers work to manage data security of equipment while in operation, the IT asset disposition (ITAD) industry has the pressure of ensuring data destruction after data has been generated, entered, used and stored.
Businesses may find it difficult to trust a third-party vendor to manage retired IT and electronic devices. For example, Microsoft worked with a vendor to dispose of returned, current and/or obsolete Microsoft hardware and software. After years of business, Microsoft claims to have found this vendor to be selling their products on the black market, costing millions of dollars in damages1.
Circumstances such as this can make IT managers weary especially when in the midst of searching for a company who could be the right fit. Industry certifications and standards are certainly credible references to guide businesses towards a vendor that best fits their needs. Certifications that hold credibility in this industry now go beyond recycling and proper disposition. As security plays a more significant role in vendor selection, upgraded industry security certifications are now being considered. These certifications may include,
- The Asset Disposal and Information Security Alliance (ADISA) certification, which was introduced in the United Kingdom in 2010,
- The Transported Asset Protection Association (TAPA) which was created to prevent cargo theft, and
- The ISO/IEC 27001 standard which provides requirements for an information security management system (ISMS), which is a system in place to manage sensitive company information so it remains secure.
In addition, Computing Security Magazine recognizes the products, services and companies who have been most impressive in protecting organizations from IT security threats, as selected by end users and peers within the security sector4. This year, among several IT security companies, the magazine recognized Sims Recycling Solutions for the “Secure Data Erasure Company of the Year” award.
Regardless, during your vendor selection it is recommended to research more than just certifications. Many companies select an ITAD vendor without going through a formal process and, as a result, some settle for a vendor who may only partially fulfill their needs. Other than checking off a box for certifications you should also implement a formal process for a request for proposal (RFP) to consider how each vendor can handle:
- Proof of complete digital data destruction,
- Indemnification for liability when equipment is removed from your facility,
- Financial settlements,
- Compliance assurances,
- Reuse and recycling,
- And more…
Selecting a new vendor is a daunting task, particularly when you have concerns about protecting confidential data and satisfying corporate compliance requirements. Implementing the change is rarely easy, however, under the right circumstance, a new vendor can be a catalyst that allows your company to optimize operational efficiencies and achieve sustainability initiatives.
Download this free RFP Template today for important guidance on managing the disposition of retired IT assets.