IT Asset Disposition (ITAD) describes the last phase of IT Asset Management in which IT Assets are securely and responsibly disposed of. The ITAD process provides compliant NAID AAA-certified data sanitization (data destruction) using various techniques, such as wiping hard drives to NIST 800-88 standards, degaussing, hard drive shredding, and media disintegration. This process can occur onsite via our mobile service, or assets can be picked up and sanitized at our secure facilities.   After sanitization or destruction, IT Assets are recycled or resold while ensuring environmental compliance and data security.    

IT Asset Disposition (ITAD) is crucial for several reasons. First and foremost is data security.  ITAD done right means any sensitive data is completely erased from retired devices. Sometimes, it calls for shredding or disintegrating data-bearing devices if they contain classified information.  It is also essential for companies to comply with industry, Federal, and local E-waste compliance standards. Many companies also have internal standards for environmental governance.  A company needs to choose an IT Asset Disposition company that can assure compliance, security, and the highest environmental standards to avoid potential breaches or non-compliance, which can result in extreme fines and reputational damage. In addition, IT asset disposition is cost-effective as companies can recover value from obsolete assets through resale, recycling, or donation. 

When selecting an ITAD provider, consider the following:

1. Certifications and compliance with industry standards
2. Secure data destruction methods
3. Environmental responsibility practices
4. TransparencyTimliness and accuracy in reporting and 
5. Range of services offered (e.g., on-site data destruction, recycling, resale)
6. Reputation and customer reviews

For more detailed advice on what to look for in a responsible E-Waste recycling partner, please read our blog post, and for our look at the top IT asset disposition companies, please click here. 

NIST 800-88 is a guideline published by the National Institute of Standards and Technology that outlines best practices for media sanitization. The guidelines categorize data based on sensitivity, which helps determine the appropriate sanitization method. Highly sensitive information, such as classified or confidential data, requires more stringent sanitization than less sensitive data. The guidelines categorize media sanitization into three levels: Clear, Purge, and Destroy. Each level corresponds to different methods and levels of assurance in data sanitization. For a deeper dive into NIST 800-88 and the guidelines recommended for media sanitization, please read our blog NIST 800-88: Secure Data Destruction Standards for Media Sanitization.

Standard data destruction methods include:

• Software-based data wiping: This data destruction method employs software to purge a data-bearing device to NIST 800-88 standards.  Wiping is the most sustainable option, as equipment can be safely reused or donated while ensuring data has been irretrievably destroyed.
• Degaussing is a powerful demagnetization process (for magnetic media) that is a proven method for removing data from magnetic storage hard drives and tapes.

Physical destruction (shredding or disintegration):  This destruction process involves physically destroying data-bearing devices.  The shredding method is chosen based on the physical size of the data-bearing device and the sensitivity level of the media on the device. The most sensitive information and the smallest devices, such as Solid-state drives (SSDs), flash drives, smartphones, SIM cards, memory cards, and micro SD cards, are usually shredded using a disintegrator capable of shredding these items to 2mm pulp.  

Media sanitization means permanently removing all data from a storage device to prevent unauthorized access. This can involve overwriting, degaussing, or physically destroying the media to ensure data cannot be recovered.

The National Security Agency (NSA) has established stringent standards for data destruction to protect classified information. These standards typically involve physical destruction methods, such as disintegration, incineration, or pulverization, to ensure that sensitive and classified data cannot be recovered. The NSA issues a list of evaluated products that meet NSA specifications as well as an FAQ page that answers questions about media destruction. Securis employs several products from the evaluated products list. 

R2v3 certification is a reliable indicator that a vendor meets stringent electronics recycling and refurbishment requirements. This certification is not merely a management system but a comprehensive sustainability standard to achieve positive outcomes in electronic waste management. As an R2v3 Certified Facility, Securis undergoes independent audits to ensure compliance with the highest global electronics reuse and recycling standards. Please read our blog post to learn why you should choose an R2v3-certified e-waste recycling company for your ITAD needs.

A Certificate of Destruction (CoD) is more than just a document; it’s your assurance that your IT assets have been securely and permanently destroyed to NIST 800-88 standards, protecting your sensitive information from potential breaches. This vital certificate proves compliance with data protection regulations, helping your organization meet legal and industry standards while safeguarding your reputation. At Securis, we are committed to providing comprehensive and transparent documentation with every CoD, ensuring you have complete confidence in our meticulous processes. Our certificates detail the destruction of your assets, reinforcing your compliance and strengthening your security posture. They are available online in our Client Portal 24/7.

The Responsible Recycling (R2v3) certification is a globally acknowledged electronics recycling and refurbishment standard. Developed by Sustainable Electronics Recycling International (SERI), the R2v3 standard mandates that certified facilities adhere to strict environmental, health, safety, and data security protocols. It is the most widely adopted sustainability standard for electronics recycling and refurbishment, applicable to facilities of all sizes and locations.  R2v3 certification is a reliable indicator that a vendor meets stringent electronics recycling and refurbishment requirements. This certification is not merely a management system but a comprehensive sustainability standard designed to achieve positive outcomes in electronic waste management. As an R2v3 Certified Facility, we undergo independent audits to ensure compliance with the highest global electronics reuse and recycling standards. Please read our blog to learn why you should choose an R2v3-certified e-waste Recycling Company for your ITAD. 

Data center decommissioning is the process of closing down and dismantling a data center, which includes the removal of IT assets from the data center and the subsequent media sanitization, disposal, and recycling of those assets. ITAD is a broader term that is an acronym for IT Asset Disposition, which describes the  last phase of the IT Asset Management cycle in which IT Assets are securely and responsibly disposed of. Data center decommissioning is more specialized and should be handled by companies experienced with the unique challenges and requirements of decommissioning large-scale data center environments which may include electrical and HVAC systems.

Securis has proudly been in business since 2020.  You can learn more about our Company History here. 

Our Standard data destruction methods include:

• Software-based data wiping employs software to purge a data-bearing device to NIST 800-88 standards.  Wiping is the most sustainable option, as equipment can be safely reused or donated while ensuring data has been irretrievably destroyed.
• Degaussing is a powerful demagnetization process (for magnetic media) that is a proven method for removing data from magnetic storage hard drives and tapes.
• Physical destruction (shredding or disintegration) involves physically destroying data-bearing devices.  The size of the shredded materials depends on the kind of device and the sensitivity of the media contained in the device. The most sensitive information and the smallest devices, such as Solid-state drives (SSDs), flash drives, smartphones, SIM cards, memory cards, and micro SD cards, will be shredded using a disintegrator capable of shredding these items to 2mm pulp. 
• Smelting is an option but only sometimes used.

Yes, Securis provides Certificates of Destruction (CoD) for all destroyed assets as evidence that your IT assets have been securely and permanently destroyed to NIST 800-88 standards. Our certificates detail the destruction of your assets and are available online in our Client Portal 24/7.

Yes, we capture serial numbers for all assets (if available) and provide detailed reporting.  The average inventory accuracy rate in the ITAD industry is just 85% due to challenges such as damaged or missing asset tags, difficulty scanning large quantities of assets, and the appearance of multiple barcodes on electronic assets. At Securis, our thorough triple-checking process and use of AI uncover data-bearing devices that customers miss.  Our inventory documentation reflects our commitment to accuracy throughout the ITAD process and promises a leak-proof chain of custody for every asset.  After project completion, your inventory documentation will be available online via our Client Portal so that you will be audit-ready at any time.

Yes, Securis employs several products on the National Security Agency (NSA) evaluated products list. The (NSA) has established stringent standards for data destruction to protect classified information. These standards typically involve physical destruction methods, such as disintegration, incineration, or pulverization, to ensure that sensitive data cannot be recovered. The NSA issues a list of evaluated products that meet NSA specifications as well as an FAQ page that answers questions about media destruction. 

Yes, Securis always follows NIST 800-88 standards when deciding which data destruction methods would be most appropriate for a client.  NIST 800-88 is a guideline published by the National Institute of Standards and Technology that outlines best practices for media sanitization. It provides recommendations for the most appropriate method for securely erasing data from various storage devices to prevent unauthorized access to sensitive information. The guidelines categorize data based on sensitivity, which helps determine the appropriate sanitization method. Highly sensitive information, such as classified or confidential data, requires more stringent sanitization than less sensitive data. The guidelines categorize media sanitization into three levels: Clear, Purge, and Destroy. Each level corresponds to different methods and levels of assurance in data sanitization. For a deeper dive into NIST 800-88, please read our blog NIST 800-88: Secure Data Destruction Standards for Media Sanitization.

Securis uses NAID AAA-certified mobile trucks to extend service across the United States. Our physical locations are in Northern Virginia, Norfolk, Virginia, Central Carolina, Provo, UT and Richmond, Virginia. 

Securis’ industrial shredding services are the foundation of our secure and certified data destruction processes. Our proprietary trucks allow us to safely destroy traditional hard drives (HDD) and smaller items such as  Solid State Drives (SSD), flash drives, smartphone SIM and memory cards, and micro SD cards on-site at the customer’s location or securely in our access-controlled facilities. Depending on the destruction standards that need to be met, we can offer traditional shredding as well as a disintegration option that goes beyond traditional shredding and pulverizes devices into 2mm e-crumbs as recommended by the NSA, rendering all data completely irrecoverable. Certain hazardous materials, such as lithium-ion batteries, need to be removed before we shred phones and tablets. Some larger items may require our team to perform manual disassembly or cutting before they can be shredded in our mobile shredders. Items as large as a 1974 Volkswagen Bug can be shredded. For systems that are highly classified, the 2mm dust left over from NSA EPL disintegration could be incinerated if requested. Call our team to discuss your specific requirements.

Yes, Securis is R2v3 certified and dedicated to green recycling practices for each piece of equipment – whether intact, refurbished, or broken down for scrap to ensure harmful chemicals do not end up in landfills. Even our downstream vendors must follow strict standards to prevent environmental harm. Global stewardship and a commitment to serving others are at the core of Securis’ beliefs. As an electronic recycler, refurbisher, re-integrator, and data destruction firm, Securis’ mission is to provide environmentally sound solutions for the secure, effective management and removal of any organization’s end-of-life electronic assets while providing the most secure IT data destruction services in the industry. Securis’ commitment to improving the environment expresses our guiding principles and demonstrates our “think globally and act locally” sensibilities.  Please read our blog to learn why you should choose an R2v3-certified e-waste Recycling Company for your ITAD. 

There’s no need to completely write off the value of IT equipment in today’s environment. Along with secure data destruction, IT asset value recovery should be a consideration when decommissioning a data center or business environment. Securis technicians have over 20 years of experience identifying value in retired IT assets. This leads to a quick, efficient, and maximally profitable liquidation process, helping you maximize your assets’ residual value and offset the decommissioning process’s costs.

Our specialized mobile truck is equipped with machines that allow us to provide quiet, speedy, and secure software-based wiping, degaussing,  hard drive shredding, and Data Disintegration services wherever you are, allowing us to serve clients nationally. Performing on-site electronic media shredding at the client’s location enables their personnel to witness the process, thus maintaining the highest level of security.  Our mobile trucks are NAID AAA Certified, so you can be sure that your ITAD projects will meet the strict information disposal standards established by the National Association of Information Destruction (NAID).

Yes, we do.  If you do not have enough equipment to warrant a site visit or need a secure place to keep equipment until your service window arrives, Securis has a variety of Pelican Storm Cases that our clients can use to store or securely send equipment to Securis.  These cases are military tough and designed to be safe and secure in the harshest conditions.  Classified information can be transported via storm cases from USPS or courier as long as protocols are followed.  In this video, our Director of Operations, Sal Salvetti, explains how Securis clients use  Pelican storm cases.

Securis is NAID AAA certified for mobile operations and at our main facility in Northern Virginia.  An NAID AAA certification provides several important assurances about an ITAD (IT Asset Disposition) vendor.  NAID AAA-certified vendors must adhere to rigorous standards for secure data destruction, following strict protocols and employing robust security measures to safeguard confidential information during the entire ITAD process, including safe transportation, controlled facility access, and secure destruction methods. NAID AAA certification involves comprehensive auditing and compliance verification, as vendors must undergo scheduled and unannounced audits by trained, accredited security professionals to verify compliance with data protection laws and NAID standards. The certification process includes rigorous audits in 20 operational and security requirements areas. NAID auditors verify employee screening processes, validate employment and training records, and randomly test employees’ knowledge of data erasure policies. Auditors verify quality control logs and inspect security systems like CCTV and alarm logs. Vendors must have appropriate written policies and procedures in place for all aspects of data destruction.  NAID AAA certification signals that the vendor will keep sensitive information secure until it is properly destroyed, helping protect against data breaches.

Securis posts inventory reports and certificates of destruction on average 72 hours of project completion.  These reports and certificates are available to our clients 24/7 via our Client Portal.

Secure On-Site services begin at the client location. Securis‘ professionally trained and certified staff members scan, tag, and inventory all electronics slated for destruction or recycling to establish a chain of custody. Once inventory is complete, media sanitization begins.  This often takes place onsite at our clients’ offices but can also occur at the Securis facilities, depending on the particulars of the agreement.  Securis performs wiping, degaussing, shredding, and disintegration services during sanitization using our NSA-approved equipment. Sanitized equipment is then loaded onto a Securis GPS-traceable truck and securely transported to one of Securis’ processing facilities, where a client-approved recycling plan is executed.  Inventory lists are updated with records of all processed items for audit and accountability purposes.  At the end of the process, a complete inventory list is provided to the client, as well as a Certificate of Destruction, a nationally recognized legal document of performance.

Securis has been an IT Asset disposition (ITAD) leader for over 24 years. Over that time, we have worked with some of the country’s largest data centers, healthcare facilities, government contractors and agencies, and financial institutions. 

Secure: Our vast experience with large IT Asset Disposition (ITAD) projects has helped us streamline the ITAD process to ensure we are using the most secure data destruction methods for your hard drive destruction and IT asset disposal needs. Our numerous certifications, including NAID AAA, ensure strict compliance with all Federal, state, and local data destruction standards.  

Accurate:   The average inventory accuracy rate in the ITAD industry is just 85%. At Securis, we achieve greater than 99% accuracy in our ITAD processes. Our thorough triple-checking process uncovers data-bearing devices that customers miss.  Our inventory documentation reflects our commitment to accuracy throughout the ITAD process and promises a leak-proof chain of custody for every asset.  Learn more about Why Inventory Matters in Electronics Recycling and Data Destruction Policy.

Sustainable: We are R2v3 certified and dedicated to green recycling practices for each piece of equipment – whether intact, refurbished, or broken down for scrap. Even our downstream vendors must follow strict standards to prevent environmental harm. To learn why you should choose an R2v3-certified e-waste Recycling Company for your ITAD, please read our blog on that subject. 

Our North Virginia facility and mobile operations are NAID AAA-certified, ensuring that security protocols are strictly followed. Securis has experience destroying CUI, Secret, Top Secret, and even SAP classified data. While all employees are background checked and drug tested, please call to discuss your specific requirements.

Yes, our trucks are GPS-monitored and driven by screened employees, including through background checks, fingerprinting, and drug testing.  

The most environmentally friendly way to recycle computers is to sanitize the data using a NIST 800-88 purge. To purge the data, customers should leave the drives in the computer. If a customer requires the drives to be shredded, the customer can remove them, or Securis technicians can remove them. We charge an additional fee to remove drives from computers or caddies.

We require that servers and network equipment be powered off and can remove servers from racks for an additional fee.

We can recycle Lithium Ion batteries and uninterruptable power supplies (UPS).

Our schedule is usually booked out two or more weeks in advance. While it is best to contact us 3-4 weeks ahead of time, we may be able to schedule sooner if you are flexible on the date and time.

Networking gear will be returned to factory settings unless the customer requests the data-bearing devices be shredded. Our best practice is to destroy data-bearing devices in firewalls. If we can not return switches to the factory setting for any reason, we destroy data-bearing devices before recycling them as a requirement of our certifications. Clients are welcome to witness the entire process if they wish.

Yes.  Some customers request that we match drive serial numbers to servers before shredding and we can do this for an additional charge.   Our photo AI scanning service significantly increases the accuracy of hard drive scanning. Learn more about our AI scanning technology in this video. 

If you don’t have a complete inventory, one of our account representatives may be able to visit your site before scheduling your job. If that is not possible, pictures can help estimate quantities. Securis will do its best to assist you with estimating your inventory and charge for the number of recycled items.

Unlike single-use plastics, electronics can be recycled in an environmentally friendly way without breaking the bank. This is because some equipment can be re-sold after proper data sanitization, which offsets some of the high labor and machinery costs associated with older equipment that is disassembled and scrapped.

We don’t shred paper, only hard drives and electronics. We have referred companies to www.trueshred.com and received positive feedback.

Securis is not a minority-owned company, but we partner with various companies, including 8(a) minority-certified and SDVOSB Service Disabled Veteran Owned Small Businesses.   Securis has a program that employs people with intellectual disabilities, which many companies report on as part of supplier diversity, ESG, and DEIB initiatives. 

Most businesses do not realize the impact of e-waste on the local and world environments; they simply view their obsolete electronics as trash. That can harm every city on the planet.

The electronics we use for business and play contain materials such as antimony, arsenic, lead, and mercury that are unhealthy to us and to our environment. It is surprisingly easy for these materials to ultimately end up in our bodies and cause major issues including lung damage, cancer, and seizures.

Just one color monitor alone contains 6 ½ pounds of lead and measurable amounts of cadmium, mercury, and other toxic metals.

At Securis, every part of the electronic asset is recycled in our e-waste recycling programs. Each item is strategically and securely dismantled. All toxic elements are responsibly disposed of, and all remaining metals, plastics, glass, and circuitry are processed domestically. It’s a commitment we make to keep everyone and every land healthy during computer disposal and recycling.

We define and perform electronics recycling for materials listed under the Resource Conservation and Recovery Act (RCRA) issued by the Environmental Protection Agency (EPA) These include:

• Televisions
• Monitors
• Computers
• Printers
• Computer peripherals
• Audio and stereo equipment
• VCRs
• DVD players
• Video cameras
• Telephones
• Facsimiles
• Copying machines
• Cellular phones
• Wireless devices
• Solar Panels

Some electronic device components contain constituents that, if improperly handled, could be harmful to the environment and its inhabitants. E-waste that is not recycled ends up in the environment. Water is poisoned, the air turns toxic, the soil becomes dead, and wildlife and plant life suffer, which is part of why e-waste recycling is so important.

Certain components of electronics contain measurable amounts of regulated heavy metals, including lead, silver, barium, cadmium, and mercury. Many of these metals can be recovered and responsibly disposed of, based upon EPA standards.

It is estimated that of the approximately 250,000,000 tons of solid waste generated annually in the United States, around 5% is classified as e-waste.2 Of this, only an estimated 10% to 18% of electronics are recycled, according to WellHome.3

Securis wants to help change this for the good of our local and global environments through our e-waste recycling commitment.

A NOTICE OF VIOLATION can be issued by the Resource Conservation and Recovery Act.

Failure to correct the alleged violations cited required by this NOTICE may result in the assessment of penalties, not to exceed $27,500 per violation pursuant to Section 3008 of Resource Conservation and Recovery Act (RCRA) of 1976, 42 U.S.C. § 6928.

Donation programs can work well if all involved parties understand the limits and liabilities associated with the transfer of equipment. Questions such as, “Who will ensure that proprietary data is eliminated before the donation?”? need to be answered prior to ownership transfer.

The Gramm-Leach-Bliley Act of 1993, Health Insurance Portability and Accountability Act (HIPAA), and many other state and federal laws make all companies and organizational entities legally responsible for the protection of client privacy. Failure to effectively destroy all informational data prior to the transfer of ownership leaves an organization open to corporate liability.

Securis’ Data Destruction process helps eliminate the worry of such a risk.

While we do our best to be sure each customer receives the maximum value from each repurposed and scrapped piece of IT equipment, there are certain items that cost us to properly dispose of, such as some televisions and monitors (see a full list of acceptable items and fees here).

Materials such as antimony, arsenic, lead, and mercury used to manufacture electronics are unhealthy to us. If not recycled properly, it is surprisingly easy for these materials to ultimately end up in our bodies and cause major issues including lung damage, cancer, and seizures. E-waste that is not recycled ends up in the environment. Water is poisoned, the air turns toxic, the soil becomes dead, and wildlife and plant life suffer.

To avoid these harmful effects on both our bodies and our environment, reputable e-waste recycling companies provide outlets for responsible riddance of your old electronics. Unfortunately, some e-waste recycling companies lower their costs by exporting old electronics to countries like Ghana, Nigeria, Pakistan, India, and China where it gets broken down by men, women, and children who are usually unprotected from the toxins.

Securis just doesn’t believe that is how the w-waste recycling process should be handled. We focus on proper disposal and e-waste recycling that’s safe and doesn’t put the less-fortunate at risk.

Read more from the sources we’ve used:

• http://www.epa.gov/osw/nonhaz/municipal/pubs/msw_2010_rev_factsheet.pdf
  
• http://www.greenpeace.org/usa/en/campaigns/toxics/hi-tech-highly-toxic/e-waste/
  
• http://www.treehugger.com/clean-technology/crazy-e-waste-statistics-explored-in-infographic.html

Essentially, a degausser is a machine that changes the magnetic domain of magnetic data storage devices where the data is stored. Examples of magnetic storage would be media like backup LTO and DLT tapes, VHS tapes, cassettes, reel-to-reel tapes and hard drives. Compact Discs (CDs) are not considered magnetic storage because the data is stored on the disc with optics. When the degausser is applied to magnetic domains the information is scrambled into random patterns. This process renders the data that was stored in these magnetic domains unreadable.

Some generic magnetic storage devices can be reused after the degaussing process has taken place. Reel-to-reel tape and VHS video cassettes and older media types are examples of these kinds of devices. However these items are so old that saving them or reusing them is generally not a common practice because of the very limited storage capabilities.

For other forms of newer data storage like server hard drives and some backup tapes, degaussing renders the media completely unusable because of permanent damage to the storage system. This happens because of damage to the special servo control data that is written onto the media at the factory by the manufacturer. Once the servo track is damaged, it cannot be corrected. Degaussing removes not only the stored data on the device but also removes the servo control data, and without the servo data the device is no longer able to determine where data is to be read from or written to on the magnetic media.

Physical destruction of a data storage device alone technically does not remove the data. It just makes the device (tape or hard drive) unusable and the data unreasonable to retrieve.

This means that even though the item has passed through a shredder, it still has data on the little pieces that can be recovered. Many recycling and shredding firms claim that after shredding the data is not recoverable. This is a possibility, albeit unlikely, depending on where the shredded hard drive was sent.

After shredding a hard drive, most computer experts would not be able to retrieve data from the shredded pieces. However, there are some people/places/countries that would indeed be able to retrieve the information. How is this possible? If you take a magnet and smash it on the ground, the magnet will break into small pieces, but each of these pieces is still magnetic. Hard drives work the same way. Because the hard drives or tapes store the data using magnetics, even a small piece of the device retains its magnetic properties, and therefore can still be read.

Most of the time, degaussing is the only way to satisfy a federal requirement related to the sanitization and destruction of clearance-level information like “Classified” or “Top Secret.” In an attempt to protect the country’s classified information, several different federal agencies have standards and procedures that have been written on how to handle the destruction of sensitive data. Those standards involve the use of a degausser followed by physical destruction of the unit.

Our services are customized based on each client’s quantity, frequency, and desired level of security.

The degausser is internally mounted and powered by our 26’ box truck so that the service can be provided at your site. However, we also have the capability to degauss the drives off-site at our secure, NAID-certified facility. This is typically done once or twice a week. For maximum data security assurance, we recommend on-site degaussing followed by on-site shredding.

Yes, monitoring of the magnetic fields is done via a program we use called FieldCheckR. Our degausser is verified before every degaussing process to ensure that it is properly functioning. Not all degaussers have the ability to be tested using our digital read-out system with the FieldCheckR program.

Solid State Drives (SSDs) do not store data magnetically, so they cannot be degaussed. Please visit this blog post to learn more about the best practice for destroying information stored on solid-state drives.

Yes, secure data shredding with a controlled, smaller shred width and particle size is the most secure method for solid-state drives. View more information on our blog by clicking this link.

Shredding is an added redundancy to ensure the absolute destruction of data. Due to the fact that a degaussed drive and a non-degaussed drive physically do not look different, it is a best practice to shred drives after they are degaussed.

Organizations with zero tolerance for any leaks who want to be totally risk-free and can rationalize the cost. Typically data that is sensitive or proprietary, such as mission-critical data, financial information, private health records, or personal identifying information, should be considered for degaussing. Most organizations today consume some type of sensitive data, whether its employee bank account information, social security numbers, or even HR records.