IT recycling and disposal legislation is complicated enough, there is no reason to make matters worse by making the wrong choices. An alarming number of IT recycling companies are not providing a bona fide service and this could leave businesses liable.
There are a number of basic requirements and information one should request before partnering with any IT recycling company. An increasing number of government regulations, industry standards and internal risk mitigation policies require organisations to sanitise storage media prior to disposal or reuse.
There are numerous destruction options that guarantee privacy and also ensure a company’s reputation will not be compromised. Whether data destruction is done through software erasure, hard drive shredding or degaussing, a certificate of data destruction must be provided to validate the quality of service.
A Certificate of Data Destruction is an assurance that every possible measure was taken to safely and securely eradicate and destroy all data compliant with Government and industry regulations.
Xperien CEO Wale Arewa says computers, phones and other digital devices needn’t be discarded; they can be optimised through reuse, repair or resale. “Refurbishment is good for both consumers and the environment.”
“However, one needs to ensure refurbished systems are ISO certified and audited. Certified Refurbished System (CRS) is an industry standard that gives consumers piece of mind knowing that they have purchased from an accredited reseller with good aftersales service.”
The Protection of Personal Information Act 2013 (PoPI 2013) affects every company and is arguably the most important element of the recycling and disposal process. It enforces companies to introduce strict measures and guidelines that will safeguard the processing, usage and handling of sensitive information. It also places a strict onus on businesses when it comes to handling personal information about their clients, staff and customers.
Furthermore, one could request Environmental Management System (EMS) ISO 14001:2004 accreditation for refurbishment and redistribution of redundant IT assets and equipment. It is a global series of EMS standards that were developed for organisations to incorporate environmental aspects into operations and product standards.
ISO 14000 is a set of voluntary environmental management standards, guides and technical reports, which specifically focuses on corporate environmental management systems, operating practices, products, and services.
BSI is another requirement, it is amongst the most respected and reputable management systems certification bodies in the world and accredited by around 20 local and international bodies. BSI is an accreditation that confirms that the IT recycler operates a Quality Management System (QMS) that complies with requirements of ISO 9001:2015 for the Collection and Disposal of IT assets and equipment.
Arewa says proper accreditation means being assessed against internationally recognised standards. “BSI certification means the recycling company truly operates to the highest levels of quality and service. With more than a million organisations certified to it globally, ISO 9001 is the most widely recognised standard in the world.”
Although not a legal requirement, reputable IT recycling companies should provide an asset report with a detailed breakdown of equipment collected. Secure reverse logistics with a chain of custody should be provided for each item containing a hard drive and daily trend reporting must be included so that undesirable trends can be identified before they become critical.
“Asset disposal service providers should offer a secure chain of custody for the assets, have a call centre to schedule hardware collection, provide packaging and secure transportation. It should also provide onsite data elimination, mobile hard drive destruction and issue data destruction and IT asset disposal compliance certificates,” he says.
“They should also offer asset buybacks and also provide trend reporting with a detailed audit trail. If your service provider can deliver all this with clear and transparent charges, you are on the right track,” he concludes.