Johannesburg – IT Asset Disposition (ITAD) is becoming a business-critical process and of utmost importance for business leaders, says Xperien CEO Wale Arewa.
Xperien provides secure ITAD services. The South African firm has obtained ISO 9001, 14001 and 45001 accreditations.
“The drastic increase in data breaches worldwide has resulted in massive fines, class action lawsuits and a lot of negative reputational impact,” says Arewa.
“ITAD is a good example of third-party technology risk.
“Whilst a regulation breach may occur downstream at a third-party ITAD service provider, the company is still jointly liable.”
Arewa says third-party risk must be addressed and one needs to consider local and global standards and regulations that are relevant to the ITAD industry.
Some standards and regulations are industry-specific whilst others are more general and focus on environmental compliance and quality assurance.
Businesses add a layer of certainty and assurance to their ITAD programme when appointing an accredited ITAD or e-Waste provider.
“A well-defined data destruction strategy should be a part of every company’s data destruction policy and if any third-party service providers are to be appointed, it is important that they are accredited and certified,” Arewa says.
Here is a guideline of some essential ITAD certifications and accreditations:
ITAD specific certifications
1. ISO 9001 Quality Management Systems (QMS): Companies use this standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements. The service certification must be ITAD-specific.
2. R2v3: This certification is a voluntary sustainability standard that certifies responsible electronics processors. IT Asset Managers partnering with ITAD companies with R2v3-certified infrastructure can have increased confidence that their sensitive data is destroyed, that electronics with residual value will be reused, and that their assets won’t end up in a landfill or in a dumping ground halfway around the world.
3. e-Stewards: This certification was introduced in 2009 by the Basel Action Network (BAN). The BAN was founded with the aim of improving recyclers adherence to the Basel Convention.
4. ADISA’s IT Asset Recovery Certification: This is a UK-developed global standard for ITAD providers and was recently updated to version 8. The current version of the standard is approved by the UK Information Commissioner (ICO) as a UK GDPR certification scheme.
5. NAID AAA Certification: The National Institute for Information Destruction (NAID) provides a certification program for their members. The standard was first developed in 2000 and now over 1 000 facilities are certified worldwide.
There are no institutions or associations that accredit ITAD service providers in South Africa.
However, they can become registered members of various recycling authorities or associations.
They are also known as Producer Responsibility Organisations (PROs), registered with The Department of Forestry, Fisheries and the Environment.
For a recycling service provider, membership to these recycling authorities does not require compliance to any accredited standard.
PRO’s relating to electrical and electronic e-Waste (EEE) organisations include:
- The EPR Waste Association of South Africa (eWASA) is a registered Producer Responsibility Organisation (PRO) with The Department of Forestry, Fisheries and the Environment (DFFE) for the Electrical and Electronic Equipment (EEE), Lighting and Paper and Packaging Sectors. eWASA was established to manage the establishment of a sustainable, environmentally sound e-waste management system for the country. It has been working with manufacturers, vendors and distributors of electronic and electrical goods and e-waste handlers (including refurbishers, dismantlers and recyclers) to manage e-Waste, lighting waste and associated paper and packaging effectively. Recyclers are required to pay an annual fee and pledge to conform to a code of ethics.
- ERA E-waste Recycling Authority (ERA) is a registered Non-profit Company (NPC). ERA is to ensure that we help recyclers meet their EPR obligations in a simple, effective, cost-effective and measurable way – as efficiently as possible. Its mission is to provide effective governance and the growth of a sustainable and effective WEEE management system in South Africa. Also, to establish a sustainable and fair WEEE collection and recycling system that works to meet recyclers environmental compliance obligations in a manner that meets our collective aspirations for our country, planet, and people. Membership is free and an onboarding process to disclose details of your recycling operation.
Industry standards and certifications ensure that certified ITAD companies and recyclers are accredited by a third-party auditor and certifying bodies to safely dispose of and recycle IT assets according to global norms.
About Xperien (www.xperien.com)
Join the Circular Economy – Reducing the global e-waste problem and optimising the lifecycle of IT hardware.
Xperien (Pty) Ltd is a leading South African IT Asset Disposition (ITAD) company. We are a passionate team of professionals who care about our planet, its people, and its resources.
From humble beginnings 21 years ago as a used computer dealer, we strive to make our contribution by redefining the way corporations use IT hardware.
We provide our clients with secure ITAD services and have obtained ISO 9001, 14001 and 45001 accreditations specifically for ITAD.
Our value proposition is to protect our clients’ personal information and intellectual property that resides on their computers during technology changes and at end-of-service.
We manage our client’s enterprise and desktop infrastructure in a sustainable manner – across the globe.
Logistical solutions are tailored to cater to our clients’ geographical spread and to negate the ever-present risk of hard-drive theft from dispositioned computers.
Xperien provides cost-effective solutions to combat the challenges associated with data loss and to mitigate reputational risk.
Our compliance meets the NIST 800-88, DoD 5220.22-M, and CEGS criteria, particularly in terms of data-destruction processes, while adherence to the Protection of Personal Information Act of 2013 (POPIA) and General Data Protection Regulation (GDPR) is core to our business.