Views
1 year ago

CSLATEST

IT recycling I.T.

IT recycling I.T. DISPOSAL: SELECTING THE BEST LEGISLATION REGARDING IT RECYCLING & DISPOSAL, NOT TO MENTION THE FORTHCOMING GDPR REGULATION, IS COMPLICATED ENOUGH. JEAN-PIERRE NAYLOR, DIRECTOR, COMPUTER DISPOSALS LTD, OFFERS HIS THOUGHTS ON CHOOSING THE RIGHT I.T. DISPOSAL COMPANY Thankfully, with a little guidance, you can make an informed decision and choose a reputable IT disposal company from amongst the myriad of so-called 'asset retirement' companies. The following guide is by no means exhaustive, but hopefully will provide a basis to assist you in selecting the right service provider. Does the IT recycling company have appropriate licenses and accreditations? A waste carrier and environmental permit are mandatory legal requirements. ISO 9001 and 14001 should be pre-requisites and ISO 27001 highly desirable, as are memberships of governing bodies. Ask your prospective recycling company for a list of their licenses and accreditations. Also check what measures your IT recycling company have in place to ensure you both meet the forthcoming GDPR regulation. What documentation does it provide? IT recycling companies must provide you with both a Hazardous Waste Consignment Note and a Duty of Care Transfer Note on the day of collection, which covers you from an environmental perspective. Reputable IT recycling companies should provide you with an asset report providing you with a detailed breakdown of all equipment collected, including data sanitisation certification. Ask for sample reports, so you can see the level of information you will receive. How is your data sanitised? There have been a number of high profile cases recently where organisations have fallen foul of the Data Protection Act by allowing sensitive and/or privileged information to reach the public domain. In most cases, this can be traced back to the IT recycling company that simply did not take appropriate measures to erase or safeguard their client's information. The only NCSC or CPA (formerly CESG) approved data erase software is White Canyon or Blancco. If your prospective recycling company is not using one of these software suites, look elsewhere. Does it use its own vehicles and drivers? In terms of sensitive data, your equipment is at its most vulnerable between the point of collection and return to the recycling company, yet many companies continue to use third party carriers to collect and transport your equipment. Ask your prospective recycling company to confirm their transport arrangements. Desirables here would be companies that use their own satellite-tracked and CCTV-equipped vehicles and security vetted drivers. Does it offer on-site media destruction? With the increasing number of high-profile cases where large organisations are being fined for data breaches, many companies are finally realising the importance of protecting their data and ensuring it is sanitised correctly. An increasing number of companies are requesting on-site destruction for all forms of media. Check that your IT disposal partner can offer this service. Don't be fooled by a flashy website! Insist on a site visit. You will be amazed at the disparity in set-ups. A flashy website can hide Jean-Pierre Naylor, director, Computer Disposals Ltd. a multitude of sins. If the IT recycling company appears reluctant to offer a site visit, look elsewhere. Where should I look for a reputable IT recycling company? There are enough established and reputable IT recycling companies to enable you to make a safe and informed decision when selecting your disposal partner. Accrediting bodies, such as ADISA, are a good source, as members have to pass strict criteria, in terms of security and scope of service, although please bear in mind that not all ADISA members use their own transport and drivers. Further information can be found at www.computerdisposals.com and www.adisa.global. 10 computing security March/April 2018 @CSMagAndAwards www.computingsecurity.co.uk

Join the IT leaders taking the simply unified route to cloud security. IT Governance is getting more complex, the penalties more worrying and your competition more cloud-based and agile. WinMagic’s pervasive, everywhere encryption approach is the way forward. By simply securing your IT environment from endpoints across any cloud, you gain a low-cost, low-risk route to compliance and growth supported by a unique new breed of intelligent key management. Get in touch today! Contact our specialists and see how simple securing cloud can be. Email us today at sales@winmagic.com or call 01483 343020