7 questions your ITAD partner should answer about data sanitation and security

ITAD partner

Data sanitation and security are taking on increased significance in the wake of evolving technology and sophisticated recovery methods.

Does your ITAD partner follow all the internationally recognized standardized processes and procedures required to get the job done?

Here are 7 questions to gauge whether your current or prospective partner is up to the task:

1.      What protocols do you have in place to ensure the secure removal and transportation of IT hardware to your facility?

Make sure your partner — or the vendor of your partner — uses a system of documented actions for each step of the removal process. The chain of custody prompts a range of follow-up questions: Who will tear down the hardware? Where will it be stored before packing? How will logistics work? Who will carry the liability if something goes wrong?

2.      Can the erasure of data be performed at our facility?

If your business desires high levels of control, you may want the process of data sanitation to take place right in your own facility. In that case, you need a partner with portable, high-volume processing equipment, which meets the meets Department of Defense 5220.22M and NIST800-88 standards.

The more flexibility the ITAD expert in question offers, the better for you. An adept partner will let you decide whether you prefer trained technicians coming to you for a turnkey experience or have your staff be trained and supervised, allowing you to manage the project onsite, on your own terms and schedule.

3.      How do we know our ITAD partner will properly wipe all data?

Standardized procedures ensure that a company is using global best industry practices. They establish a culture where operations are being constantly assessed and approved. They create a sustainable and auditable environment. This sort of consistency and accountability is of the utmost importance in the electronics reuse and recycling industry, where high-quality and secure data erasure is an absolute must.

Look for the following certifications that speak directly to your partner’s data wiping capabilities and adherence to industry standards: ISO 9001, ISO 14001, OHSAS 18001, SERI R2 Standard, and DoD 5220.22M and NIST 800-99 adherence. Also, you should receive certificates of data erasure for all processed drives and certificates of destruction for failed drives. Both should be made available and maintained on file for your corporate documentation and peace of mind.

4.    Can our old hardware be traced back to us after redeployment into other markets?

Ensuring your data-containing devices are securely erased is one step in a multi-step process.  If the decision was made to redeploy assets after data sanitization, more questions need to be asked to ensure there is zero probability of data recovery in a forensic environment.  Mainstream can work with you and your team of engineers to ensure proper alignment of goals.

5.      What type of security do you maintain at your facility to ensure secure?

A simple lock doesn’t cut it. Look for well-documented measures to securely manage every step of the process, from limited lab access and 24×7 security cameras to environmental controls and separate security systems for all areas processing sensitive data. You may also want to inquire about employee background checks.

6.      Can you advise us on a suitable lifespan for our data storage hardware?

Obsolescence risks bringing on security issues as aging hardware and software leave them vulnerable to savvy data thieves. Can your ITAD partner advise you on an optimal time to retire your old equipment to recoup the most value? A knowledgeable ITAD partner can offer insights that can help you make an informed decision.

7.      What certifications should we look for?

Certifications tell you everything you need to know about a company’s adherence and dedication to best practices and industry standards. Again, the importance of looking for a partner with the following certifications cannot be overstated: ISO 9001, ISO 14001, OHSAS 18001, SERI R2 Standard, and DoD 5220.22M and NIST 800-99 software adherence.

Do you have more questions? Mainstream Global has the answers. Contact us to learn more about our data wipe solutions and intelligent global remarketing.

Mainstream Global, Inc., headquartered in Lawrence, Mass., owns and operates ISO 9001, 14001, OHSAS 18001 and R2 certified processing centers in the United States, Colombia, Peru, Chile, Argentina and Brazil.  With over 19 years of directly servicing and re-selling assets from top-tier manufacturers, Mainstream Global is the recognized expert.  Our partners rely on us for compliance, security, professionalism, and brand protection, all while providing the best returns and prioritizing global environmental standards. 

 Solutions

Read more:

Why the explosive growth of IoT calls for a solid asset disposal plan

A quick guide to best practices for data erasure

All Mainstream Global sites are now R2 certified: What it means to you.

John Borrelli

Author John Borrelli

More posts by John Borrelli

Leave a Reply