Beyond ITAD Security Certifications: What You Need to Look For

Posted by on July 3, 2018

Globally, only 52 percent of companies have security standards in place for third-party vendors. When it comes to IT and electronic equipment it is always recommended to take a closer look at your vendor’s security standards. If you haven’t already you should create and enforce a set of criteria of minimum requirements needed to do business with you.

What does it take for an IT asset disposition vendor to be completely secure? The answer is not so simple. IT asset disposition (ITAD) and electronics recycling companies consist of a variety of links in a chain. There is no simple, quick and easy solution for managing all IT and electronic waste. Just as fast as manufacturers are creating these new devices, recyclers and disposal vendors must stay innovative to accommodate.

When retiring end-of-life electronic equipment two choices are available, reuse and recycling. In general, the process begins by identifying the value of electronic equipment for reuse, then saving material from going to landfill by shredding and separating its commodity value. Here is a video that further explains the process of how electronics are recycled.

Aside from quality, environmental and security certifications, which are important to consider, learning more about a company’s security management structure is helpful. Here is an outline of some IT asset disposition security processes to look for in your vendor to mitigate ITAD security threats.

Communication of security standards

It is one thing to have a strong and thorough plan on paper but if nobody knows about it, it’s useless. Ask your vendor what their internal communications structure is like to ensure all employees are made aware.

Companywide training on security awareness

Training is essential to ensuring employees, especially when there is turnover, are kept informed of the most recent security standards in place. Often there will be different types of training sessions depending on the role of the individual to make sure it is relatable to the staff. Regular training should be scheduled in case there are updates or reminders to share.

Assessments on internal site security  

Minimum standards for recycling facilities are basic physical security measures such as perimeter fences, closed-circuit television (CCTV) systems and intrusion detection systems. IT asset management and ITAD security capabilities are more advanced than recycling security capabilities. This is mainly because of the data sanitization and destruction services offered and the specified requirement to mitigate security threats and vulnerabilities involved in providing this type of service. A benefit of working with a company that manages both the IT asset disposition and electronics recycling, is that security requirements can carry over to both sides of the business resulting in implemented security features that often exceed standard requirements.

Identification of threats

In order to have a clear understanding of how to mitigate security threats, ITAD vendors must have a good understanding of the threats that exist. Make sure your ITAD and/or electronics recycling vendor has an understanding of the types of threats that exist for each IT asset. Then it would be helpful to understand the processes they have in place to mitigate each type of threat.

Continuous plans for improvements to site security

The constant evolution of technology eventually trickles down to disposition vendors. Therefore adjustments made to the operation create the need for continuous site analysis to determine if the existing security standards will still work next year.

If the service being offered shows they have addressed a strong security framework that is properly and consistently defined, planned and communicated this will provide you with more confidence in choosing ITAD services with them.

 

Download our template for IT asset disposition programs to ensure your program is aligned with your organization’s requirements.

[Webinar] IT Asset Disposition & GDPR: What you Need to Know

Categories