ADISA offers accreditation to businesses who deal with IT asset disposal (ITAD) and approves products involved in data sanitisation. Its services are dynamic enough to deal with an increasingly regulated sector, conducting reassessments every year. The latest set of standards accredits ITAD providers who deliver consistent security through independently verified tools and the latest best practices. This way, end users are assured of ethical, secure conduct.
ADISA classifies risk according to five different levels of data breach risk. This ensures that every audit is consistent, and that corrective actions are standardised. Minor infringements may result in a timescale for corrective actions as well as temporary suspension. Serious nonconformity results in full suspension within a day of the audit.
These are the main criteria for ADISA certification:
Certified ITAD companies are required to keep tight control over the transfer of custody from collection all the way through to delivery at the processing centre. Waste transfer notes and collection notes are just two examples of the records they're required to keep. In addition, clients must be given waste compliance reports and copies of certificates of destruction.
The ITAD Standard
The ITAD Standard is applied through seven assessment modules:
1. Business credentials
3. Processing facility
4. Waste management
6. On-site services
7. For leasing companies
Fully certified members comply with modules one through five, while fully certified on-site services members comply with all modules. Leasing companies must comply with five or more modules as well as module seven. Businesses that achieve a score of 70% - 84% are given a merit score. Ideally, the ITAD company you use will pass all tests without having to take corrective actions.
Blancco Data Destruction Software
Blancco’s data erasure software has become the standard across the world, including as part of the ADISA audit process. Blancco’s SSD Erasure Method is competent enough to meet ADISA’s risk levels 1-4. Blancco Mobile Device Erasure has been certified for mobile device risk levels one and two.
ADISA requires e-waste to be shredded down to granules of 10mm or smaller. Data granulation down to 6mm or smaller is ideal. A record of shredded items and destruction certificates will form part of your internal auditing records.
The vehicles you use for IT recovery are subject to a stiff set of requirements governing GPS tracking, fleet size, and vehicle design. They must:
- Have adequate physical protections such as alarms and immobilisers.
- Have solid bulkheads and sides.
- Be tracked via GPS software that stores route data for at least six months. Stationary alerts and route control capabilities are also required.
- Not use multi-point collections unless clients has given written consent.
- Have generic livery.
- Be operated by enhanced DBS-checked drivers.
Membership & Certifications
To earn certification, ITAD companies must provide audit paperwork for assessment before being audited by an ADISA team. After the second phase is completed, prospective members must submit evidence to support any audit points raised during assessment. ADISA does more than merely offer one-time certification. Its members must pass two audits a year and one full audit every three years. Unannounced audits ensure that quality standards are where they should be and follow a forensic process.
The GDPR covers every facet of data recycling, and ADISA’s standards are suitably stiff, giving you the assurance you need. The organisation keeps an open list of the companies it certifies, running bi-annual audits to keep its list clean. This allows you to monitor certified companies over time to assess their long term performance. For ADISA-certified, GDPR-compliant IT asset recycling, please get in touch today.
Image source: Adisa