Using Unified Endpoint Management Tools to Maximize IT Asset Value and Increase Security – Using Automation to Prepare Computers for End-of-Life

UEM: Preparing for ITAD

IT Asset lifecycle management, especially at end-of-life, can be complex and costly without the right tools. Unified Endpoint Management (UEM) systems can be invaluable in this process, helping organizations simplify asset preparation for secure IT recycling for end-of-life assets while providing valuable help with maintaining data security and optimizing environmental and operational goals throughout the asset’s life. 

As IT asset disposition (ITAD) professionals, we have learned that clients who employ UEM systems are more prepared for efficient and cost-effective disposition processes.  This blog discusses how UEM ITAD integration can simplify the journey from active use to the responsible retirement of end-of-life IT assets. 

UEM for ITADWhat is Unified Endpoint Management (UEM)?

UEM is a comprehensive platform that allows IT teams to centrally manage and secure all endpoint devices—laptops, desktops, mobile devices, IoT devices, and more. It goes beyond Mobile Device Management (MDM) by incorporating advanced features like device performance tracking, compliance management, and integration with security tools. UEM tools are typically integrated with security tools such as Managed Detection and Response (MDR) and Endpoint Detection and Response (EDR).

Common UEM tools in use at our customers include Intune, JAMF, IBM MaaS360, VMware Airwatch, Citrix, Connectwise, BigFix, Google Device Manager, Ivanti Nuerons, Cisco Meraki Systems Manage

UEM  increases security and improves the management of computers throughout the IT asset lifecycle. Its capabilities make it a perfect ally in preparing IT assets for safe and efficient disposition.

How UEM Can Prepare IT Assets for Recycling with an IT Asset Disposition Vendor

  1. Comprehensive Asset Inventory: UEM tools provide real-time visibility into all endpoints within your organization. This centralized inventory makes tracking devices’ location, status, and configuration easy, ensuring no asset is overlooked during ITAD planning.  This inventory may be integrated with IT Asset Management (ITAM) databases like ServiceNow.
  2. Secure Data Erasure: UEM allows IT administrators to perform initial wipes before disposing of devices. This adds a layer of security to your IT recycling and complements Securis’ certified data destruction processes. As a NAID AAA-certified company, Securis ensures your devices are completely sanitized, including hard drive shredding or data purging, that meets or exceeds industry, state, and federal compliance standards. 
  3. IT Asset Lifecycle Management: UEM tracks device age, performance, and usage patterns, helping IT teams determine when an asset should be retired or recycled. Devices flagged for end-of-life can be prioritized for UEM-based preparation and secure IT asset recycling.
  4. Policy Enforcement: Features like BIOS locks, encryption enforcement, and Trusted Platform Module (TPM) settings protect your devices from breaches before they reach an ITAD vendor.
  5. Compliance Assurance: UEM platforms facilitate adherence to data protection regulations, such as GDPR or HIPAA, by standardizing data handling and ensuring devices meet compliance requirements throughout their lifecycle.

Issues with ITAD when BIOS locks are not removed from IT Assets

BIOS Lock

A BIOS lock is a security feature restricting unauthorized access to a computer’s Basic Input/Output System (BIOS) settings. The BIOS is responsible for initializing hardware components during the boot-up process, and setting a password can prevent unauthorized users from tampering with hardware configurations or altering system settings. UEM can automate the removal of BIOS locks and resetting devices, ensuring that customer data is removed and recycling or reuse happens quickly. However, BIOS locks can also slow down the ITAD process in several ways:

  1. Access Restriction: If a device is BIOS-locked and the password is unknown, it can prevent access to the system. This restriction can complicate the data wiping process, which is essential for ensuring that no sensitive data remains on devices before recycling, re-use, or resale.
  2. Hardware Configuration: A locked BIOS might prevent changes to the boot order or other hardware configurations necessary for running data erasure software from external media. This limitation can hinder the ability to erase data from storage drives.
  3. Disposal Challenges: For organizations disposing of large numbers of devices, managing BIOS locks can be resource-intensive. It may require additional time and effort to unlock devices or ensure they are disposed of securely without compromising data security.

To mitigate these issues, IT departments should use their UEM  software to reset the device, remove it from management, and wipe corporate data before the disposition process begins.  If this step is not performed and the asset has a bios lock, the asset will become stuck in limbo and unable to be sanitized to NIST 800-88 standards by the ITAD firm.

The Benefits of Removing BIOS Locks Before Initiating ITAD Service

Reasons to make sure that you remove BIOS locks before sending assets to a certified ITAD vendor include: 

  1. Frees Up Software Licenses: Removing corporate data and unregistering devices from management through UEM releases software licenses, making them available on newer devices.
  2. Enhanced Security: By wiping devices before sending them to an ITAD provider, UEM reduces the risk of breaches. Companies should choose a NAID AAA ITAD provider that will also sanitize the data, but an initial software sanitization is easy when automated and provides an extra layer of security for protecting data during storage or transport.
  3. Supports Environmental Goals Properly prepared devices have greater reuse or donation potential because value is reduced over time.  This process supports sustainability efforts and reduces e-waste.
  4. Speeds Up ITAD Processing: Devices reset and removed from UEM are ready for immediate processing by your ITAD vendor, saving time and ensuring quicker asset turnaround.

Your Next Steps in ITAD Success

By integrating UEM into your IT asset management strategy, your organization can unlock more value from its devices while ensuring data security and regulatory compliance. At Securis, we’re here to partner with you, offering certified ITAD services that complement your use of UEM. Together, we can streamline the final stage of your IT lifecycle and positively impact the environment.

Don’t let outdated devices slow you down.  Securis can make sure your IT Asset disposition projects are successful and efficient. Contact Securis today for a consultation on how UEM and certified ITAD services can benefit your business.

Secure Data Destruction and Responsible Electronics Recycling: Protecting Data While Helping Others

The Growing E-Waste Problem: A Call for Responsible IT Recycling

E-waste is dangerous for the environmentIn a fast-paced digital environment, businesses must constantly upgrade their technology to remain competitive. Millions of electronic devices are discarded or replaced yearly, creating an escalating e-waste recycling dilemma. Many of these devices still function perfectly but have become obsolete for corporate use. At the same time, there is a significant demand for technology in schools, non-profits, and developing communities. The challenge is ensuring that data security is not compromised while responsibly recycling these electronics. The solution lies in a robust process combining data security, electronic recycling, and environmental responsibility. Secure data destruction and IT recycling play a critical role in this effort, ensuring that sensitive information is completely erased without the complete physical destruction of hard drives. This ultimately benefits the schools or non-profits that receive the donated electronic assets and keeps e-waste out of the environment. 

A Comprehensive Solution for Secure Data Erasure and Electronics Donation

Ensure all device data is fully sanitized and/or destroyed before donating or sellingUltra-secure IT recycling services, such as those offered by Securis, provide businesses an efficient and responsible way to recycle computers and donate electronics. Securis ensures that companies can donate their old equipment without exposing sensitive corporate data to risk by utilizing secure data destruction techniques. Companies can confidently recycle their electronics using advanced data erasure software and certified destruction processes, allowing them to donate these unneeded IT assets with the assurance that their data has been completely and securely destroyed before donation. 

 

The Process of Secure Data Erasure and Electronics Recycling 

  1. Securis mobile ServicesCollection and Inventory
    Securis starts by collecting and inventorying the company’s outdated devices. Every item is carefully cataloged to maintain a complete chain of custody.
  2. Data Erasure and Destruction
    The data destruction process can occur onsite using our mobile services or offsite at the secure Securis facilities. Using advanced software, Securis completely overwrites all data on the devices, ensuring no recoverable data remains. This secure data erasure is a far more secure solution than simple file deletion or re-formatting.
  3. Verification and Certification
    After the data is securely erased, each device is verified to confirm that no data remains. Securis then provides a certificate of data destruction for each device, which can be used to prove compliance with industry regulations and offer peace of mind.
  4. Refurbishment
    Once the devices are completely wiped clean, they are refurbished if necessary. This may involve cleaning, minor repairs, or software updates to ensure the devices are in good working condition for their next user.
  5. Donation or E-Waste Recycling
    Finally, the refurbished electronics are ready to donate to schools, non-profits, or other needy organizations. If the devices are beyond repair, they are responsibly recycled, ensuring they do not contribute to harmful environmental impacts. Our R2V3 certification ensures environmentally responsible electronics recycling practices.  

Meeting Global Standards for Secure Data Destruction

hard drive data destructionSecuris’ data erasure processes meet or exceed industry standards such as NIST 800-88 and the U.S. Department of Defense’s DoD 5220.22-M. We also comply with many other specific industry standards for data protection, as detailed on this web page.  Our mobile services and facilities are NAID AAA certified to ensure the highest data security standards. 

Benefits of Secure Data Destruction and IT Recycling for Companies

Partnering with Securis for IT recycling and secure data destruction offers numerous advantages for businesses:

  • Enhanced Data Security: Companies can rest assured that their sensitive data will not be exposed to unauthorized individuals, minimizing the risk of data breaches and the associated financial and reputational damage.
  • Regulatory Compliance: Securis’ certified data erasure process helps companies meet strict industry regulations, providing comprehensive documentation for data protection compliance.
  • Corporate Social Responsibility (CSR): Donating refurbished electronics supports communities in need and enhances a company’s CSR efforts, improving its public image and potentially providing tax benefits. 
  • Environmental Impact: Companies that donate working devices reduce e-waste and contribute to environmental sustainability. Devices beyond repair are responsibly recycled in compliance with e-waste recycling standards.
  • Cost-Effective: The cost of securely erasing data and donating or recycling electronics is significantly less than the risks associated with data breaches or the storage costs of outdated devices.

Real-World Impact: Bridging the Digital Divide Through Donations

Bridging the Digital Divide Through Donations The benefits of computer and device donation extend beyond the donating company, making a significant impact on communities in need:

  • Bridging the Digital Divide: Many schools and non-profits operate with limited resources, making it difficult to provide up-to-date technology. Donations of refurbished electronics help close this gap.
  • Supporting STEM Education: Donated devices provide students with hands-on experience, support STEM education, and prepare them for careers in technology and engineering.
  • Empowering Entrepreneurs: Some donated devices are given to small businesses or aspiring entrepreneurs, helping them get the technology they need to grow their ventures.
  • Global Impact: Donated recycled electronics can also be shipped to developing countries, where they improve access to technology, education, and healthcare, making a lasting difference in underserved communities.

Choosing the Right Partner for Data Security and IT Recycling

When selecting a partner for secure data destruction and electronics recycling, choosing a reputable provider like Securis is essential. With certifications such as NAID AAA and R2v3, Securis ensures that your electronic assets are handled securely and responsibly. Securis also offers comprehensive logistics solutions to simplify the process, even for large enterprises with multiple locations.

The Future of E-Waste Recycling and Electronics Donation

reduce e-waste and support the environmentAs technology evolves, the need for responsible e-waste recycling and secure IT recycling will only grow. Increased awareness of data protection and electronic recycling challenges will likely encourage more companies to adopt IT Asset donation programs. This shift towards a circular economy, where devices have multiple lifecycles, will help reduce e-waste and support environmental and social causes. 

Conclusion: Protecting Data and the Planet with Secure Electronics Recycling

In an increasingly digital world, data security and environmental responsibility are critical priorities. With services like secure data destruction and IT recycling, companies can protect their sensitive data while contributing to a more sustainable and equitable future. By partnering with trusted providers for e-waste recycling, businesses safeguard their information and help bridge the digital divide, support education, and reduce environmental impact. It’s a win-win for both business and society.

As we move toward a more sustainable digital future, the importance of secure IT recycling and data protection will continue to grow. Companies that prioritize responsible IT Asset disposal today will be better positioned to meet the challenges of tomorrow.

 

What are the Different Hard Drive Data Destruction Methods?

Data security has become a paramount concern for individuals and organizations in today’s digital environment. As we accumulate vast amounts of sensitive information on our hard drives, it’s crucial to understand the various methods available for securely destroying this data when it’s no longer needed. Let’s dive into the hard drive data destruction world and explore the techniques that ensure your confidential information doesn’t fall into the wrong hands.

The Importance of Proper Data Destruction

Before we delve into the specific methods, it’s worth emphasizing why proper data destruction is critical. A data breach can result in astronomical financial losses and irreparable damage to a company’s reputation. Taking a cavalier approach to data disposal is simply not an option. Whether you’re a large corporation or an individual looking to sell your old computer, ensuring your sensitive data is completely and irretrievably destroyed before passing it on for re-use or recycling should be a top priority. Software-based wiping is one method for removing data from a hard drive, but it may not be adequate for all situations. When physical hard drive destruction is called for, the following are the best options:

degaussing for data destructionDegaussing: Erasing with Magnetic Force

Degaussing is a fascinating process that uses powerful magnetic fields to scramble the data stored on magnetic media, such as hard drives and tape drives. When a degausser is applied to a hard drive, it changes the magnetic domains where the data is stored, effectively scrambling the information into random patterns. This renders the data on the drive wholly unreadable and unrecoverable.

Key Points About Degaussing:

  • Degaussing is effective on both functional and non-functional drives
  • Degaussing a hard drive destroys not only data but also drive formatting and control information
  • Degaussing is a process that renders the drive permanently unusable
  • Degaussing is compliant with many stringent data destruction standards

NSA-Approved Equipment

For the highest level of security, organizations like Securis use NSA-approved degaussers, such as the LM4 model. These machines are recertified annually to ensure they meet the most rigorous standards for data destruction.

Data destruction - Hard drive shreddingShredding: Crushing the Problem

Nothing beats the physical destruction of the hard drive when it comes to absolute certainty in data destruction. Hard drive shredding is precisely what it sounds like – the drive is fed into an industrial shredder that reduces it to small metal fragments.

Benefits of Hard Drive Shredding:

  • Provides visual confirmation of data destruction
  • Extremely effective against all forms of data recovery
  • Can be performed on-site for added security

The Hard Drive Shredding Process

Typically, hard drive shredding involves the following steps:

  • Collection and inventory of drives
  • Secure transport (if shredding is not performed on-site)
  • Shredding using industrial-grade equipment
  • Proper disposal or recycling of the resulting materials

microshredded material MicroShredding: Taking It a Step Further

Microshredding (also known as disintegration) takes the shredding process to the extreme for those requiring an even higher level of security. This method reduces hard drives to dust-like particles, ensuring that no readable data can possibly survive.

When to Consider MicroShredding:

  • Handling classified or top-secret information
  • Dealing with highly sensitive personal or financial data
  • Compliance with the most stringent data destruction regulations

Combining Methods for Ultimate Security

While each method can be effective independently, many data destruction services combine techniques for added peace of mind. For instance, a common approach is to degauss hard drives before shredding them. This two-step process ensures that the data is first magnetically erased and then physically destroyed, leaving no possibility of recovery.

secure data destructionChoosing the Right Method for Your Needs

Selecting the appropriate data destruction method depends on several factors:

Security Requirements

Consider the sensitivity of your data and any regulatory compliance needs. Physical destruction methods like shredding or micro shredding may be necessary for sensitive or highly classified information.

Volume of Drives

If you’re dealing with a large number of drives, a method like degaussing might be more efficient than individual wiping.

Drive Condition

Remember that wiping requires a functional drive, while degaussing and shredding can be performed on non-operational devices.

On and off-site serviceThe Role of Professional Data Destruction Services

While some data destruction methods can be performed in-house, many organizations opt to use professional services for several reasons:

Certified Equipment and Processes

Companies like Securis use NSA-approved equipment and follow strict protocols to ensure compliance with industry standards. They will also have essential certifications such as NAID AAA and R2v3, which can assure clients that the company meets rigorous standards for security and sustainability.

Chain of Custody

Professional services provide detailed documentation of the destruction process, which can be crucial for audit purposes.

On-Site Services

Many providers, including Securis, offer on-site destruction, eliminating the need to transport sensitive data off-premises and allowing secure data destruction to occur on-premises and under the client’s supervision.

Environmentally Responsible Disposal

Reputable data destruction companies ensure that materials are recycled or disposed of in an environmentally friendly manner. An R2v3 certification is an important way to know how serious the company is about sustainable recycling.

solid state drivesBeyond Hard Drives: Other Media to Consider

While we’ve focused primarily on hard drives, it’s important to remember that data can reside on various media types. Professional data destruction services often handle:

  • Solid State Drives (SSDs)
  • Tape drives
  • USB flash drives
  • Mobile devices
  • Optical media (CDs, DVDs)

Each of these may require specific destruction techniques to ensure complete data erasure. Because many of these devices are physically small, disintegration may be the best option for physical shredding.

shredded drivesConclusion: Taking Data Destruction Seriously

There are many vulnerabilities to a company’s data. These vulnerabilities are not over when the life of the data-bearing device is over. Protecting that data throughout its lifecycle—including its end-of-life—is crucial. Whether you choose wiping, degaussing, shredding, or a combination of methods, the key is approaching data destruction with the seriousness it deserves. Remember, proper data destruction costs are insignificant compared to the potential fallout from a data breach. By understanding and implementing appropriate data destruction methods, you’re not just protecting information – you’re safeguarding your organization’s future, reputation, and peace of mind. So, the next time you’re faced with old hard drives or other data-bearing devices, don’t just toss them in the trash or let them gather dust in a closet. Take the time to ensure your sensitive data is genuinely, irrevocably destroyed. After all, in data security, it’s always better to be safe than sorry.

Why Your IT Asset Disposition (ITAD) Partner Should Be NAID AAA Certified

According to the IBM Cost of a Data Breach Report 2024, the global average data breach cost skyrocketed to $4.88 million this year! Avoid the risk of data breaches and costly fines by choosing a NAID AAA-certified vendor for your IT asset disposal. In an era where sensitive data is a prime target, not every data destruction service meets the highest standards. A NAID AAA certification ensures your IT assets are disposed of securely, fully compliant with industry regulations, and with the professionalism your business deserves. By working with a trusted, NAID AAA certified partner, you’re making a critical investment in protecting your company’s data and reputation.

Avoid the risk of a data breach

What is NAID AAA Certification?

NAID (National Association for Information Destruction) AAA certification is a globally recognized standard for companies providing secure data destruction services. It demonstrates that a vendor adheres to strict protocols designed to protect sensitive data and meet the most rigorous data protection standards. When it comes time to find an IT Asset Disposition partner,  working with a NAID AAA-certified partner offers several key benefits for businesses looking to mitigate risk and ensure compliance.

1. Rigorous Data Security and Destruction Standards

NAID AAA-certified vendors follow the most stringent data destruction standards, which include robust measures to safeguard confidential information throughout the IT asset disposition process.

These Include:

  • Secure Transportation: Ensuring data is safely transported to destruction facilities without risk of unauthorized access.
  • Controlled Facility Access: Limiting entry to authorized personnel only, maintaining a secure environment at every process stage.
  • Secure Destruction Methods: Utilizing the latest, most effective data destruction technologies to ensure complete data destruction with no possible recovery.
Secure transportation

By partnering with a NAID AAA-certified ITAD provider, you can be confident that your data is handled with the highest security throughout its lifecycle..

2. Compliance and Auditing for Peace of Mind

Data destruction compliance is more critical than ever, especially with the increasing number of industry data protection regulations. NAID AAA certification includes thorough auditing and compliance checks, ensuring vendors meet or exceed legal and regulatory requirements.

  • Regular Audits: Certified vendors undergo scheduled and surprise audits by trained, accredited security professionals.
  • Comprehensive Compliance Verification: Auditors assess 20 different areas of operational and security requirements, ensuring that data destruction methods align with laws such as GDPR, HIPAA, and others.

With ongoing audits and compliance checks, you can trust that your ITAD provider maintains the highest level of data protection.

compliance

3. Employee Screening and Training

The strength of any data security program lies in its people. NAID AAA-certified companies are held to strict employee screening and training standards.

  • Thorough Background Checks: Vendors must conduct extensive background checks on employees to ensure that only trusted individuals handle sensitive data.
  • Ongoing Training and Knowledge Testing: Staff are regularly trained on the latest data destruction techniques and are periodically tested to ensure they understand and adhere to data erasure policies.
Employee Screening

This focus on employee integrity and competence helps mitigate the risk of data breaches and ensures that qualified professionals handle your information securely.

4. Quality Control and Documentation

Quality control is a cornerstone of NAID AAA certification. Certified vendors must implement strict quality control measures to ensure data is securely destroyed and adequately documented.

  • Continuous Monitoring: Security systems such as CCTV and alarm logs are routinely inspected to verify the safety of the destruction process.
  • Comprehensive Documentation: NAID AAA-certified vendors must maintain thorough documentation of all destruction activities, including data destruction certificates, to provide a clear audit trail for clients.
CCTV monitoring keeps facility safe

This level of attention to detail ensures that all processes are transparent and businesses can maintain a clear compliance record for regulatory or audit purposes.

5. Client Assurance and Risk Mitigation

The most important benefit of working with a NAID AAA-certified ITAD provider is the assurance it provides to clients. Focusing on data security, data destruction compliance, and risk mitigation, NAID AAA certification helps businesses protect themselves against the devastating consequences of a data breach.

  • Reduced Risk of Data Breach: Working with a NAID AAA-certified partner lowers the likelihood of sensitive data being exposed or misused.
  • Regulatory Compliance: NAID AAA certification helps ensure that your organization complies with data protection laws, which can help avoid costly fines and reputational damage in the event of an audit.
risk mitigation

Partnering with a certified ITAD vendor means choosing a provider prioritizing your business’s security and compliance, reducing the risks associated with improper data disposal.

Conclusion: Trust the Experts in Secure Data Destruction

While our data-driven environments are not changing, organizations must take every possible step to ensure that their sensitive information is securely destroyed when it’s no longer needed. NAID AAA certification offers a reliable and comprehensive standard for secure data destruction, providing businesses with the confidence that their IT asset disposition (ITAD) partner is fully committed to maintaining the highest levels of data security, compliance, and professionalism. By choosing a NAID AAA-certified ITAD partner, you ensure that your data is destroyed securely, your organization remains compliant, and your reputation stays intact. 

Should IT Departments Sell End-of-Life IT Assets on Ebay?

Corporate IT departments play a critical role in managing the entire lifecycle of a company’s technology assets, including ensuring the secure disposal of outdated or end-of-life (EOL) equipment. While many IT teams and sustainability experts recognize that reusing or reselling unused IT assets is the most eco-friendly approach, the disposal process can have potential risks. For instance, some companies turn to electronics brokers or platforms like eBay to sell EOL equipment. While these methods may seem convenient, they can pose significant risks if sensitive data is mishandled or disposal practices fail to comply with regulations. Let’s delve into why businesses should exercise caution before listing their IT assets on sites like eBay or selling to brokers.

Sign advertising "we buy Cisco, Ciena, Juniper"

piles of old laptop computers

The Risks of Selling IT Assets on eBay

Several examples highlight businesses that have not exercised due care when disposing of end-of-life IT electronics.  The result can be fines, reputation loss, and significant loss of shareholder value.

A NAID AAA (now iSigma) study found that 40% of used devices sold on platforms like eBay contained personally identifiable information (PII). PII includes everything from customer records to internal communications to passwords. Any of this information becoming public could easily be costly and cause your company to be fined or endure reputational damage.   Read more about the study here.

Additionally, Rapid7, a leading cybersecurity company, conducted an experiment in which they purchased medical infusion pumps from online resellers and uncovered sensitive authentication data from several healthcare facilities. If exploited by malicious actors, this data could have severe consequences for hospitals and medical providers who previously owned the equipment. Read more about their findings here.

These examples highlight the significant risks companies face when they fail to properly sanitize data before reselling or disposing of their old IT assets. A company may assume its IT Assets will be properly sanitized, but if it does not work with a properly credentialed ITAD company, it can still face severe consequences for mishandling its data disposal processes.

Take Morgan Stanley, for instance. In 2023, the financial institution was fined $163 million after a moving company they hired to decommission their data center failed to properly wipe sensitive data from devices. Instead of adequately sanitizing the data before reselling, the moving company worked with an unnamed ITAD company that sold the equipment online, exposing the personal information of 15 million people. Read more about this case here.

Morgan Stanley

These cases and many others are stark reminders of why selling used IT equipment outside of the channels of a NAID-certified ITAD vendor is fraught with risk and can result in devastating data breaches, regulatory fines, and reputational damage.

Ensure all device data is fully sanitized and/or destroyed before donating or selling

How to Mitigate Risks Associated IT Asset Disposal

While it’s clear that selling IT equipment online can be risky, there are significant benefits to working with a certified IT asset disposal (ITAD) provider. Partnering with an ITAD vendor like Securis offers several advantages:

1. Certified Secure Data Sanitization or Destruction

A reputable ITAD vendor will ensure all device data is fully sanitized and/or destroyed. Certified vendors use NIST 800-88 to guide sanitization methods.  Certifications like NAID AAA and R2v3 ensure that the vendor follows rigorous data security and environmental sustainability standards. These certifications are open to spot checks on certified facilities, so high standards must be constantly maintained. Securis also has a trained Secure Data Destruction Specialist on staff to ensure we use the best, most current, and most secure data sanitization methods. 

2. Environmental Responsibility

E-waste is a growing concern, and responsibly recycling or reselling IT equipment helps prevent harmful pollution. A broker’s goal is to sell used computers for top dollar. Electronics with no value may end up in a landfill, resulting in environmental fines for the company that asked them to sell the equipment.  Companies can be liable for knowingly hiring an unqualified or unreliable ITAD vendor and for any environmental damage caused by improper disposal. If the company fails to conduct due diligence on the ITAD vendor’s practices, it may share some responsibility. There have been several cases where the EPA or states fined companies after their ITAD vendor left the business.   The EPA, OCC, or other government agencies may investigate a company’s practices for selecting and monitoring ITAD vendors. If the company is found to have inadequate oversight, it could face enforcement actions, even if the primary responsibility lies with the bankrupt ITAD vendor.

Companies should have contractual agreements that require their vendors to follow NAID AAA (information security) and R2v3 (environmental) best practices. They should also review third-party audits of their vendors and ensure that their ITAD vendors maintain liability insurance. R2v3-certified ITAD vendors are equipped to handle the environmentally safe disposal and recycling of electronic waste, ensuring that devices are reused or recycled in a way that meets EPA guidelines. By partnering with a trusted ITAD provider, companies can confidently meet their sustainability goals while reducing their carbon footprint. 

environmental-concerns IT Asset disposal
Securis Certifications

3. Compliance with Regulations

Disposing of IT assets improperly can lead to severe legal and financial consequences. Regulatory bodies like the SEC, OCC, and EPA have stringent requirements for data privacy and environmental impact. Working with a certified ITAD vendor mitigates the risk of non-compliance with these regulations. Additionally, ITAD vendors provide complete documentation and audit trails demonstrating compliance with data destruction laws and environmental standards. Certificates of Destruction are issued by certified ITAD vendors, which prove your data was properly destroyed. 

4. Vendor Accountability

When you work with a certified ITAD vendor, you are establishing a partnership with a company that you must ensure is held to high standards. Reputable ITAD vendors with certifications such as NAID AAA and R2v3 are regularly audited to ensure they meet industry benchmarks and comply with relevant regulations. Furthermore, by conducting thorough reference checks, scrutinizing online reviews, or even visiting an ITAD vendor’s facility, you can ensure that you have exercised due care and oversight of your ITAD vendor.

Why eBay Shouldn’t Be Your First Choice for IT Asset Disposal

In conclusion, selling end-of-life IT equipment on eBay or to the highest bidder may seem tempting, but the risks far outweigh the potential benefits. The possibility of exposing sensitive data, facing compliance penalties, or harming your company’s reputation is not worth the seemingly easy fix of an online sale.

By partnering with a certified ITAD vendor like Securis, you can ensure your company meets its data security, environmental, and compliance obligations. Our team of experts will securely wipe your devices, recycle e-waste responsibly, and provide you with complete documentation to ensure compliance with industry regulations. When it comes to IT asset disposal, it’s better to be safe than sorry. Partner with a trusted ITAD provider to ensure your end-of-life IT equipment is disposed of securely, responsibly, and compliantly.

Ready to Learn More About Services With Securis?

If you’re ready to take the next step in responsibly disposing of your company’s IT assets, contact Securis today. We’re here to help you protect your data, the environment, and your bottom line.

AI-Powered Accuracy for IT Asset Tracking: Revolutionizing ITAD with Securis

In IT Asset Disposition (ITAD), one thing is crystal clear: accuracy and efficiency are paramount. The slightest error can have significant repercussions when managing data-bearing devices, especially at the end of their lifecycle. That’s where Securis comes in, with an innovative solution to change the game: DriveSnap AI.  

At Securis, we’ve always been committed to setting the highest standards in data security and IT asset management. Inventory Management is a crucial part of this process. Our proprietary AI technology, DriveSnap AI, enhances every step, from inventory scanning to secure destruction, ensuring that your assets are tracked precisely and processed without delay. In IT Asset Management for Asset Disposition, accuracy and efficiency are critical for a solid chain of custody. Asset scanning is the first crucial step in this process.

Asset scanning

The Challenge of Manual IT Asset Tracking

Traditionally, IT asset tracking relies heavily on manual processes. Technicians and clients often face the daunting task of scanning product labels, which can be highly confusing. A single asset label can include a variety of sequences—model numbers, part numbers, serial numbers, etc that need to be recorded correctly. Take, for example, an asset label with two different serial numbers. If a technician scans one serial number, and a client scans the other, how can you be sure which number is correct? 

Smaller devices like SD cards may not even have a bar code to scan. The serial number is often printed in such small text that it’s difficult to read, forcing technicians to enter it manually. This process is both time-consuming and prone to human error. Incorrect number entries or the wrong interpretation of complex labels can compromise the accuracy of asset tracking. This slows the process and can create discrepancies that complicate the chain of custody. The result is confusion, inefficiency, and potentially costly mistakes.

Some labels are so small it's difficult to see the numbers.
Asset labels are confusing
In this example you can see how the many different numbers can cause confusion, in addition there are 2 serial numbers on 1 tag.

DriveSnap AI: Revolutionizing Asset Tracking

This is where Securis’ cutting-edge AI-powered technology makes all the difference. DriveSNap AI automates and streamlines the entire inventory scanning process. Once the scan is complete, the DriveSnap AI algorithm takes over. It intelligently processes the image, accurately identifying and separating the different asset identifiers and organizing the data clearly. There’s no more ambiguity, errors, or slowdowns caused by manual data entry. In fact our reports ar more than 99% accurate which is well over the industry standard for ITAD which is about 85%.  Also,  if questions arise later about an asset that was physically destroyed, the entire label has been captured, so all information on the label that no longer exists in physical form is forever preserved digitally. 

Example of AI Scan output after scanning asset label
Example of AI Scan output after scanning asset label

A standout feature of DriveSnap AI is its ability to capture high-resolution photos of HDD and SSD labels, oftentimes providing the sole photographic record of each asset before destruction. This capability offers clients unparalleled transparency and ensures accuracy throughout the ITAD process. These photos are archived alongside job documentation and integrated into a secure database, accessible in real-time through Securis’ client portal. Clients can instantly review these records, track assets as they are scanned, and resolve discrepancies such as data mismatches or incorrect barcode scans by cross-referencing archived photos. While the certificate of destruction serves as the official proof of secure data destruction, the photographic records offer an unmatched layer of accountability and precision, setting Securis apart as an industry leader.

Key Benefits of DriveSnap AI-Powered IT Asset Tracking

  1. Increased Efficiency
    Our AI solution speeds up the entire asset-tracking process. Gone are the days of manually scanning, interpreting, and entering data. The technology does the heavy lifting, allowing technicians to focus on more critical tasks and improving overall workflow.
  2. Reduced Human Error
    By eliminating manual data entry, the chances of misidentifying or mistyping serial numbers are drastically reduced. This leads to more accurate asset tracking, which is crucial for maintaining compliance and safeguarding data security. 
  3. Streamlined Workflows
    With our AI-powered system, every step of the asset tracking process—from scanning to data entry—is automated and optimized. This streamlined approach reduces bottlenecks and helps teams work more efficiently, reducing turnaround times.
  4. Enhanced Compliance and Data Quality
    In ITAD, compliance isn’t just important; it’s non-negotiable. Our AI technology ensures that your data is always accurate, up-to-date, and consistent, making compliance with industry regulations simpler and less stressful.
  5. A Reliable Chain of Custody
    Maintaining a secure, reliable chain of custody is critical to IT asset disposition. With AI-powered tracking, you can rest assured knowing that every asset is properly logged, tracked, and processed from start to finish. This provides you with greater transparency and peace of mind.
AI Scanning for IT Asset tags

Why Choose Securis?

When your end-of-life IT Assets no longer exist because they have been destroyed or recycled, the only proof you have of what happened to them is the remaining inventory report. 

Our AI-powered asset-tracking technology is one of the many ways we’re redefining the industry, allowing you to experience a new level of efficiency, accuracy, and confidence in your IT inventory-tracking process.  Your Inventory report will be available within 3 business days and 24/7 after that on our client portal.  

Securis provides Secure, Accurate and Sustainable ITAD service

Trust Securis for all your IT asset disposition needs and ensure your data is secure, your assets are accurately tracked, and your processes are more efficient than ever. Whether managing large volumes of devices or ensuring that every asset is handled securely, Securis has the expertise and tools to meet your needs.

Ready to See the Future of IT Asset Tracking?

Contact Securis today to learn more about how our AI-powered technology can transform your IT asset disposition process. With the most accurate, efficient, and secure solution on the market, Securis is your partner in reliable ITAD.

The Relevance of the Sarbanes-Oxley Act to Data Destruction

The Sarbanes-Oxley Act of 2002 (SOX), primarily known for its stringent financial reporting and corporate governance regulations, also has significant implications for corporate data management practices. One of the often overlooked aspects of SOX is its relevance to data destruction, a crucial component in maintaining compliance with data integrity and security standards. Here, we highlight some best practices for SOX compliance, especially regarding end-of-life electronics, ensuring companies protect and dispose of sensitive information appropriately.

Understanding the Sarbanes-Oxley Act

Sarbanes-Oxley Act of 2002SOX was enacted in response to major corporate scandals like Enron and WorldCom to increase transparency in financial reporting and hold companies accountable for their financial practices. Key provisions include:

  • Enhanced financial disclosures
  • Increased corporate responsibility
  • Stricter penalties for fraudulent financial activity
  • Enhanced internal controls and audit requirements

Data Destruction and SOX Compliance

While SOX does not explicitly mandate data destruction, its requirements for record retention and internal controls imply a structured approach to handling and disposing of data, especially financial records. Here’s how SOX influences data destruction:

1. Record Retention Requirements

Document Management

SOX Section 802 sets stringent guidelines on the retention of financial records.

 Companies are required to maintain accurate and detailed records for a specified period. These guidelines require a clear policy for the retention and eventual destruction of records once they are no longer needed. The destruction of records must be managed carefully to ensure compliance with these retention schedules.

2. Internal Controls and Procedures

SOX Sections 302 and 404 require companies to establish robust internal controls to ensure the integrity of financial reporting. This includes controls over how data is archived and destroyed. Adequate internal controls should address the following:

  • Identification of data that needs to be retained
  • Secure storage methods
  • Proper authorization for data destruction
  • Documentation of the destruction process

Failure to properly manage data destruction could result in loss of critical records, leading to non-compliance and potential penalties.

3. Preventing Fraud and Data Tampering

The prevention of fraud and data tampering is a core objective of SOX. Inadequate data destruction practices can leave sensitive financial data vulnerable to unauthorized access or tampering. By implementing secure data destruction policies, companies can protect against data breaches and ensure that obsolete records are permanently destroyed, thereby upholding the integrity of their financial reporting.  Partnering with an experienced data destruction partner can increase this protection level and add another layer of protection to your process.  Securis recently completed an on-site shredding job for a financial services company.  They told us that all hard drives had been removed and that we could recycle the eight server cabinets.  We found 86 drives (72 SSDs and 14 Hard Drives) upon inspection.  We shredded the 86 drives, saving the company from what could have been an expensive breach.  The missed 86 drives represented 15% of the total destroyed drives.

Best Practices for Data Destruction Under SOX

To align data destruction practices with SOX requirements, companies should consider the following best practices:

1. Develop a Comprehensive Data Retention and Destruction Policy

Create a clear policy that outlines the following:

  • Retention periods for different types of records
  • Procedures for secure destruction of paper and electronic records
  • Roles and responsibilities for managing the process

2. Implement Secure Destruction Methods

Ensure that data is destroyed using methods that make it unrecoverable. This includes:

  • Shredding for physical documents
  • Degaussing or overwriting for magnetic media
  • Wiping, Shredding, or Disintegration of electronic data

3. Audit and Monitor Compliance

Regularly audit data destruction processes to ensure compliance with SOX and internal policies. Monitoring should include:

  • Verification of destruction methods
  • Documentation of destruction activities, including a certificate of destruction 
  • Regular reviews of policies and procedures

4. Employee Training and Awareness

Educate employees on the importance of data destruction and their role in ensuring compliance. Training programs should cover:

  • Legal Requirements for data storage and disposal
  • Company policies and procedures for data storage and disposal 
Securis' hard drive shredder
Securis provides solutions for wiping, shredding and disintegration of electronic data.

Conclusion

The Sarbanes-Oxley Act’s impact on data destruction is a critical but often underappreciated aspect of compliance. Companies can comply with SOX requirements and enhance their overall data security posture by understanding and implementing effective data destruction practices. Ensuring that obsolete data is properly destroyed protects against potential fraud, data breaches, and non-compliance penalties, ultimately contributing to a company’s integrity and trustworthiness. Partnering with a secure and certified data destruction and IT recycling partner like Securis can ensure your compliance with SOX and many other compliance standards

If you’re ready to responsibly dispose of your company’s IT assets, contact Securis today. We’re here to help you protect your data, the environment, and your bottom line.

Is Your Smartphone Data Safe after a Factory Reset?

Smartphones have become indispensable in our daily lives, revolutionizing how we communicate, work, and navigate the world. They allow us to stay connected with loved ones through calls, messages, and social media, access information instantly, from news to directions, manage our schedules and boost productivity, capture and share life’s moments through photos and videos, entertain ourselves with games, movies, and music and even monitor our health and fitness goals.   According to a survey from Reviews.org, Americans check their phones an average of 144 times a day and spend four hours and 25 minutes daily on their phones. It’s safe to say these devices are firmly entrenched in our lives. We don’t think much about what happens to the data on these phones when we upgrade. Does a factory reset do the job of erasing all of our data as we assume it will?  Read on to find out.

The Upgrade Cycle

Because mobile devices have become such an essential part of most people’s lives, they will likely upgrade frequently as technology advances and new features are added. What happens to the millions of phones that are no longer wanted?  Sometimes, they are traded for credit towards a new device, and then those devices are sold on the secondary market. Sometimes, they get passed on to friends or relatives.  We do this after performing a factory reset that we believe wipes all data from the phone, but those beliefs are not actually true, and a factory reset can still leave us vulnerable.  When it comes to organizations, failing to eliminate data from company mobile devices properly can result in severe financial and reputation consequences. 

The Limitations of Factory Reset

Many users believe performing a factory reset is sufficient to protect their data when disposing of an old smartphone. However, this common misconception can lead to significant privacy and security risks. Most people don’t know that factory reset only removes the pointers to data, not the data itself. The device may appear on the surface to be new and clean. However, skilled individuals can still recover “deleted” information remaining in the device’s internal storage and on external secure digital (SD) cards using specialized software. In a 2015 study, Blancco Technology Group and Kroll Ontrack purchased over 120 second-hand drives and mobile devices from Amazon, eBay, and Gazelle to determine if residual data could be recovered after they were resold. Of the mobile devices studied, 35% had residual data.  So, the sensitive and personal data you think you responsibly removed may remain accessible to future device owners.  This vulnerability highlights the need for more robust data protection measures when upgrading or disposing of your smartphone, especially when these devices contain private company information. 

Factory reset has limitations

“People think their data’s been destroyed, and really all you’re doing [with a factory reset] is removing the table of contents. The rest of the chapters of the book are sitting there waiting to be discovered.”   — Pat Clawson, CEO, Blancco Technology Group

Security Limitations by OS

Apple iOS: The safest option, Apple uses sophisticated encryption to render any data left on the device after a factory reset unreadable. 

Android:  Android continues to experience significant security limitations. Most recently, media reports indicate hackers have used brute force attacks to break into tens of millions of Android devices thanks to a series of security issues linked to Android kernel flaws and Qualcomm processors. Unlike iOS, Qualcomm-powered devices store the encryption key in software, which leaves them vulnerable. Once a hacker has the key, all data can be unlocked.

Mobile Data Erasure: A Secure Alternative

Mobile data erasure presents a superior solution for those seeking a more secure option to protect sensitive information. With Mobile Phone Data Erasure, all data – both personal and corporate – is overwritten, erased, overwritten again, and certified as unrecoverable to anyone else.

Benefits of Mobile Data Erasure:

  • Overwrites all data on the device, making recovery virtually impossible
  • Complies with various data protection regulations
  • Provides certification of erasure for peace of mind
  • It can be performed remotely or on-site 
Safe erasure of mobile phone data

Organizations can use mobile data erasure techniques to ensure that their employees’ personal information, financial data, and other sensitive content on their mobile phones are irrecoverable. Securis offers mobile data erasure services that can be performed onsite at your offices or our NAID AAA-rated facilities. 

In conclusion, as smartphones continue to play an increasingly vital role in our lives, it’s essential to consider the security implications of upgrading or disposing of these devices. While factory resets may seem sufficient, they leave users vulnerable to potential data breaches. By opting for more secure methods like mobile data erasure, we can enjoy the benefits of smartphone technology while protecting our privacy and security in the digital age.

Research for this article:
1) Privacy for Sale: A Study on Data Security in Used Mobile Devices & Hard Drives Blancco Technology Group and Kroll Ontrack, October 2015 

Why choose an R2v3-certified e-waste Recycling Company for ITAD?

R2v3 is a comprehensive sustainability certification assuring the highest global electronics reuse and recycling standards.

In today’s fast-paced technological environment, businesses must effectively manage and dispose of outdated electronic assets, including computers, tablets, smartphones, and storage devices. This process, known as asset disposition, is essential for keeping equipment current while ensuring the safe and environmentally compliant handling of electronic waste (e-waste). Partnering with an R2v3-certified e-waste recycling company is the most secure and cost-effective approach to managing the inevitable IT refreshes that your company will need.

When evaluating potential providers for responsible e-waste disposal, verifying their claims regarding secure data destruction and environmentally friendly recycling practices is crucial. How can you know if they are being truthful? R2v3 certification is a reliable indicator that a vendor meets stringent requirements for electronics recycling and refurbishment. For some companies, R2v3 certification is a nice to-have feature, but Federal agencies are required to dispose of electronic assets in an environmentally responsible way as outlined in GSA Bulletin FMR B-34 Disposal of Federal Electronic Assets. FMR B-34 requires Federal Electronic Asset (FEA) recyclers to be R2 certified.

The R2v3 certification is not merely a management system but a comprehensive sustainability standard aimed at achieving positive outcomes in electronic waste management. As an R2v3 Certified Facility, we undergo independent audits to ensure compliance with the highest global electronics reuse and recycling standards. In addition, any services we perform nationwide via our mobile services adhere to the same strict standards, with all assets returned to our facility for responsible R2 certified recycling.

What is R2v3 Certification?

 Sustainable Electronics Recycling International (SERI)The Responsible Recycling (R2v3) certification is a globally acknowledged electronics recycling and refurbishment standard. Developed by Sustainable Electronics Recycling International (SERI), the R2v3 standard mandates that certified facilities adhere to strict environmental, health, safety, and data security protocols. It is the most widely adopted sustainability standard for electronics recycling and refurbishment, applicable to facilities of all sizes and locations.

What is the Difference between R2 and R2v3 Certification? 

R2 and R2v3 are both certifications for responsible electronics recycling, but R2v3 is the latest and more comprehensive version. R2 (Responsible Recycling) was initially developed in 2008 and has undergone several iterations. R2v3, released in 2020, is the most recent version of the standard. R2v3 expands on the original R2 standard with more stringent and detailed requirements in areas of data security, specialty processes, facility certification (R2v3 requires each individual facility to be certified independently, unlike previous versions that allowed multiple sites under one certification), strengthened environmental health and safety standards and heightened downstream tracking requirements. While R2 and R2v3 certifications aim to ensure responsible electronics recycling, R2v3 represents a significant upgrade with more comprehensive, flexible, and stringent requirements to address modern industry challenges and environmental concerns.

R2 Certification is what separates self-made claims by companies from those that have been audited and verified to actually be doing the right things. That’s a big difference, and it is what the world has come to value in R2-certified facilities.” – Corey Dehmey, CEO  of SERI 

Benefits of Using an R2v3-Certified Recycler for IT Asset Disposition

Data Security and Compliance

Data Security and ComplianceOne of the primary concerns in asset disposition is ensuring data security in ITAD. 

R2-certified e-waste recycling services must implement strict data security protocols to prevent breaches and unauthorized access to sensitive information. This includes documented processes for data sanitization tailored to various device types and sensitivity levels and access restriction to authorized personnel only. 

Certified facilities must maintain controls for data protection throughout the recycling process, including secure storage and handling of devices containing sensitive information. R2v3-certified recyclers must use robust media sanitization methods, such as data wiping, magnetic degaussing, and physical destruction, to thoroughly and irreversibly erase data from devices. In addition, they must adhere to specific time frames for performing this sanitization to minimize risks further.

R2v3 certification also ensures that recyclers have quality management systems (ISO 9001) and environmental management systems (ISO 14001) certifications. This helps companies avoid fines and legal issues associated with improper e-waste disposal.  It also provides peace of mind for the client, knowing that all regulatory requirements are met. SERI conducts spot inspections of R2 facilities, so ongoing compliance is assured.  

Assured Environmental Responsibility

Assured Environmental ResponsibilityMany companies have corporate social responsibility (CSR) considerations to fulfill. They must adhere to electronic waste disposal standards and e-waste legal regulations, ensuring that hazardous material disposal is properly managed. They must also implement best practices for recycling electronic waste that maximize material recovery and reuse, and minimize landfill use. 

R2v3-certified companies must follow rigorous environmental practices to minimize the impact of e-waste and demonstrate responsible recycling practices and environmental responsibility in ITAD.  The R2 certification applies to environmental responsibility at the vendor facility. It extends environmental protections beyond the primary facility, requiring full tracking and documentation of e-waste as it moves through the recycling chain. This requires R2v3 certified vendors to ensure their downstream partners also adhere to strict e-waste recycling standards. Knowing that your vendor is R2v3 certified allows companies needing IT asset recycling and recovery to ensure they can increase ESG scores and fulfill CSR goals simply by working with a partner with this certification. 

Reputation and Trust

R2v3 certification is how you know your ITAD vendor has completed rigourous certification standardsPartnering with an R2v3 certified recycler enhances a company’s reputation by demonstrating a commitment to responsible e-waste management. This builds trust with customers, stakeholders, and employees and aligns with corporate social responsibility (CSR) initiatives.  

R2v3 certification is not just earned once, annual audits are required as well as documentation of process improvements and updates to maintain certification, ensuring ongoing compliance and commitment to excellence in the field of  IT asset recycling and recovery.  These audits make sure that the R2v3 certified vendor is fulfilling all of the requirements of R2v3 certification on an ongoing basis, and that all workers are always properly trained on data security procedures. Internal data security audits are also required to assess conformance with customer requirements and R2v3 standards. In addition, certified vendors must stay updated on evolving data protection regulations and industry best practices. 

Partnering with R2v3-certified vendors demonstrates a commitment to sustainability and responsible business practices. This can lead to enhanced brand image and increased customer loyalty, as well the potential for attracting environmentally conscious investors to your company. 

“R2 sets a high bar for facilities who process used electronics for reuse and recycling. It’s comprehensive, including best practices for protecting the environment, data, the health and safety of workers, and communities all around the world. That’s why customers can feel confident working with R2 Certified partners will help support critical internal ESG, data security, and sustainability goals.”  – Mike Easterbrook, Chief of Global Standards

R2v3 certification ensures safe and compliant ITAD processes

R2v3 certification ensures safe and compliant ITAD processesR2v3-certified companies follow standardized and transparent processes for e-waste management compliance. This includes thorough documentation and reporting, which is essential for auditing and tracking purposes. Strict chain of custody controls and downstream due diligence documentation is required, including the tracking of all electronic materials from receipt to final disposition, documentation of downstream recycling partners and their practices as well as verification of final material disposition. 

In addition, Organizations that achieve an R2v3 certification must establish a comprehensive management system that includes policies and procedures covering all aspects of operations, including the implementation of safety measures to protect workers from hazards and proper training on the safe handling of materials and equipment.

The following records and reports must also be maintained:

  • Inventory tracking records
  • Inbound and outbound shipment documentation
  • Data sanitization and destruction records
  • Testing and auditing device records
  • Training records
  • Internal audit reports
  • Corrective action records
  • Facility inspection reports
  • Accident and incident reports
  • Management review meeting minutes
  • Customer complaints and feedback
  • Supplier evaluation records
  • Equipment calibration and maintenance logs

By maintaining thorough documentation and reporting systems across these areas, organizations demonstrate their adherence to R2v3 standards and maintain certification. The process requires meticulous record-keeping and a commitment to transparency throughout all operations related to electronic recycling and data destruction.

Economic Benefits

R2v3 certified recyclers must efficiently recover valuable materials from e-wasteBy partnering with an R2v3-certified recycler, companies can also realize economic benefits. R2v3 certified recyclers must efficiently recover valuable materials from e-waste, which can be refurbished and resold, thus reducing the overall cost of asset disposition. Having an R2v3 certification supports a circular economy, meaning that a vendor will ensure that all devices are used as long as possible, and then when devices can no longer be used, refurbish electronic devices and their components wherever possible. At the true end of life, a circular economy means recovering materials so they can become part of something new, whether that’s a new electronic device or something entirely different.  

R2v3-certified vendors adhere to stringent data security and environmental standards, which helps minimize legal and financial risks for their business partners. This can lead to lower insurance costs, reduced risk of data breaches and associated penalties, and minimized environmental liability for your company.  

R2v3 certified vendors often have more efficient processes for handling end-of-life electronics, resulting in lower disposal costs for old IT equipment, potential revenue or rebates from the resale of refurbished devices, and reduced expenses related to data destruction and environmental compliance. 

In addition, R2v3 certification ensures that vendors are up-to-date with the latest regulations. This helps businesses avoid costly fines and penalties, streamline compliance efforts, and reduce the resources needed for regulatory management. 

Conclusion – Enhance Your Brand Reputation With R2v3-certified E-waste Recycling

In an era where sustainability, data security, and e-waste regulatory compliance are paramount, choosing an R2v3-certified e-waste recycling company for asset disposition is a smart and responsible decision. Responsible ITAD vendor selection ensures the secure and environmentally responsible handling of electronic assets, reinforces a company’s commitment to ethical practices, and enhances its reputation. The R2v3 standard is regularly updated to address evolving industry needs and challenges. By partnering with an R2v3-certified recycler, your company can confidently manage its e-waste, knowing it complies with industry standards and contributes to a more sustainable future. 

R2v3 isn’t just a data security, OR environmental, OR worker health and safety standard. It is an electronics sustainability standard, which means it is a data security standard, AND an environmental standard, AND a standard that protects worker health and safety. That means when you choose an R2v3 Certified Facility like Securis, you check many boxes in your ITAD vendor selection process.

Top IT Asset Disposition (ITAD) Companies

Finding the top IT Asset Disposition (ITAD) companies can be challenging. This regularly updated list has been designed to help you identify the best options for your company based on some key factors. First, we discuss the factors to consider when choosing your ITAD partner, and we have a longer blog on that subject here. Then, we will provide a list of ITAD providers that you can choose from to find the best partner to meet your organization’s specific IT asset disposition needs. When making your final decision, consider scheduling consultations with multiple providers to assess their specific offerings and how well they align with your organization’s priorities regarding data security, environmental impact, and cost. 

What is ITAD?

ITAD is short-term for IT Asset disposition.  ITAD is the process every company must go through when refreshing IT Assets such as computers, tablets, smartphones, and storage devices. Because these devices often contain sensitive information and environmentally hazardous materials, disposal of end-of-life electronics is not as simple as throwing them in the trash.  ITAD vendors should bring Security, Accuracy, and Sustainability to your IT asset disposition process. Here are some questions to ask as you are assessing your various options:

Security

When selecting an ITAD vendor, security should be a top priority. A reputable vendor should provide comprehensive security measures addressing every aspect of the asset disposition process. This begins with a thorough evaluation of end-of-life equipment to inform decision-making about which data erasure and/or destruction methods should be employed and should extend to considerations such as transportation and logistics.

Certifications such as ISO-9001:2015, ISO 14001:1015, ISO 45001:2018, and NAID AAA certification for mobile and plant-based facilities can also inform an ITAD vendor’s commitment to data security. Compliance with industry-specific regulations is also important.  You should be aware of data destruction-related regulations specific to your industry, such as HIPAA, HITECH, or Gramm-Leach Bliley, CMMC, etc and be sure that your ITAD vendor complies with them.

Secure

The vendor should also be open to arranging site visits, talking with their references, and allowing you to assess their logistic and security requirements firsthand. Employee screening is another critical aspect of security. A trustworthy vendor will conduct thorough background checks on their employees, including fingerprinting and drug testing, and provide ongoing, intensive security training. These measures help ensure that reliable, well-trained professionals handle your sensitive data and assets throughout the disposition process.

Accuracy

A reputable ITAD vendor should provide comprehensive and accurate reporting on all processed assets. This includes maintaining a detailed audit trail that tracks each asset from when it enters its custody until its final disposition. While the industry average accuracy in ITAD reporting is 85%, you should look for a vendor who can exceed this number and provide highly accurate reporting, ideally with greater than 99% precision. To ensure the utmost accuracy in data capture, the vendor should implement a two-step verification process for all captured data, minimizing the risk of errors or discrepancies. After the asset disposition process, the vendor should furnish a certificate of destruction. This document is official proof that the assets have been properly disposed of and that any data contained within has been securely destroyed. 

In addition to basic asset tracking, a top-tier IT asset disposition vendor will go above and beyond by providing weight and LEED (Leadership in Energy and Environmental Design) reporting. This information is valuable for organizations looking to quantify their environmental impact and potentially earn credits for sustainable practices. 

Accurate

Finally, the vendor should offer a client portal to empower clients with full visibility into their asset disposition process. This portal should provide unlimited access to inventory reporting, allowing clients to review asset status, track progress, and generate reports as needed. Such a feature demonstrates the vendor’s commitment to transparency and client empowerment while streamlining their customers’ asset management process.

Sustainability 

When selecting an ITAD vendor, it’s crucial to prioritize sustainability and environmental responsibility. The ideal ITAD partner should prioritize sustainability through a two-pronged approach. First, they should focus on extending the life of IT assets through refurbishment and reuse whenever possible. This approach not only benefits the environment by extending the lifecycle of IT equipment and contributing to a circular economy but also provides financial advantages to your company. Second, for assets that cannot be reused, the vendor should employ environmentally friendly disposal methods that minimize the impact on ecosystems. 

A reputable vendor should hold certifications such as R2v3, which ensure adherence to responsible recycling practices and environmental standards. These certifications have rigorous requirements, demonstrate the vendor’s commitment to sustainable ITAD processes, and assure that they follow industry best practices. R2V3 certification ensures comprehensive environmental compliance, including agreements with all downstream vendors to dispose of sensitive materials properly and prevent environmental harm in vulnerable regions due to unethical e-waste recycling practices. 

sustainable (1)

Additional considerations

In addition to security, accuracy, and sustainability, other considerations exist when choosing your ITAD vendor. A quality vendor should be able to handle your specific asset types and volumes and have the logistics and transportation capabilities to support your needs. This includes scaling services up or down based on your requirements and tailoring their offerings to your unique situation.

End-to-end services are also important, so you only have to vet one vendor who can then handle everything from logistics and data destruction to remarketing and recycling. The vendor should offer on-site and off-site data destruction options, ideally with NAID AAA-certified mobile trucks and facilities. Convenient collection services are also important, whether through scheduled pick-ups, accessible drop-off locations, or mail-in options.

Flexibility is key when it comes to contracts and equipment. Be wary of vendors that lock you into long-term contracts. An established reputation for excellent service and reliability is also critical. Look for solid testimonials from clients in similar industries to gauge the vendor’s track record. Finally, responsive customer support can significantly improve your ITAD experience. A dedicated project manager can ensure that any issues or questions are addressed promptly, helping to streamline the entire ITAD process and provide peace of mind.

Securis

Securis provides secure, accurate, sustainable, certified, and compliant on-site and off-site data sanitization and IT asset disposal and recycling for PCs, laptops, hard drives, solid-state drives, smartphones, servers, and other e-waste using NSA-approved degaussing and drive shredding technology and NIST 800-88 compliant drive wiping.   Many Securis customers are in highly regulated industries such as government, healthcare, and financial services.  In response, Securis has spent more than 20 years developing best practices for destroying classified and highly sensitive data.  Securis holds certifications for ISO 9001, ISO 14001, and ISO 45001, as well as a NAID AAA (i-sigma) certification. In addition, Securis is certified by the DLA (Defense Logistics Information Service) to store and transport military critical technical data and by the Department of Transportation to transport e-waste materials.  Securis also complies with relevant regulations, such as HIPAA, HITECH, OSHA, Gramm-Leach Bliley, FERPA, and many more. Securis is also R2V3 certified to responsibly remarket or recycle every component in your retired electronic devices, ensuring e-waste stays out of landfills and your ESG rating is increased. Securis also has a Certified Secure Destruction Specialist® (CSDS®) on staff, so you can be sure regulatory compliance, information security, and risk management protocols are always top-tier.

Securis provides a thorough chain of custody and a transparent and well-documented process for your IT asset disposition projects, culminating in a certificate of destruction, all readily accessible to you 24/7 from their Client Portal.  Inventory reports have been demonstrated to be greater than 99% accurate.   Securis’ value recovery program assures the best possible return for any residual value in your end-of-life IT assets.  Securis has more than 50 five-star reviews on Google and positive reviews on Gartner.  Securis provides services throughout the continental U.S.

At a Glance:

  • Company Type: Private
  • Year Founded: 2000
  • Website: https://securis.com/ 
  • Headquarters Location: Virginia, USA
  • No. of Employees: 51-200
  • Reviews: As of 3 Oct. 2024, Securis has an Overall Rating of 5 out of 5 in the IT Asset Disposition market, based on 4 reviews on Gartner Peer Insights™, Trustpilot – No Reviews Google: 4.8 out of 5 based on 76 reviews

Bottom Line: Securis is the best overall choice for companies looking for secure, accurate, and sustainable ITAD services. Securis offers military-grade certifications, ESG reporting, and flexible nationwide IT asset disposition services.

Iron MountainIron Mountain

Iron Mountain is best known for its records management capabilities, which historically have been paper and tape storage, backup, and recovery services.  They are one of the largest companies in the United States and have a recognizable brand name globally.  Iron Mountain entered the ITAD business in 2021 by acquiring IT Renew, based in Newark, California. In November 2023, Iron Mountain completed the acquisition of Regency Technologies, expanding its presence in the IT asset disposition market.  In September 2024, Iron Mountain also acquired Wisetek, adding to its portfolio of ITAD acquisitions. 

Iron Mountain now provides IT Asset Disposition services as part of its broader IT Asset Lifecycle Management (ALM) offerings, which include data destruction, asset remarketing, e-waste recycling, and comprehensive reporting.

At a Glance:

  • Company Type: Public
  • Year Founded: 1936
  • Website:  http://www.ironmountain.com 
  • Headquarters Location: Boston, USA
  • No. of Employees: 10001+
  • Reviews: As of 3 Oct. 2024, Iron Mountain has an Overall Rating of 3.7 out of 5 in the IT Asset Disposition market, based on 2 reviews on Gartner Peer Insights™, Trustpilot – 1.4 based on 67 reviews.  Google: none found

Bottom Line: Iron Mountain offers a comprehensive set of services but may not be best of breed for all of them. Companies are likely to choose them for ITAD services, with an existing procurement relationship is a key factor.

HOBI International Inc

HOBI International

HOBI International, Inc. provides IT asset disposition and managed mobile services. The company specializes in sustainable solutions for managing and disposing of global IT and mobile assets for businesses. HOBI’s services include data security and erasure, mobility managed services, reverse logistics, data center services, enterprise asset services, and environmental services, with systems designed to maximize a client’s return on obsolete assets while minimizing processing costs.  Hobi processes more than 1 million individual assets annually across its three facilities in Dallas, Phoenix, and its original location in Batavia, Illinois. 

HOBI also offers a custom-designed data management system with concise reporting on logistics, costs, asset serialization and configuration, redeployment schedules, sales history, and scrap summaries. 

At a Glance:

  • Company Type: Private
  • Year Founded: 1992
  • Website: https://hobi.com/
  • Head Office Location: Batavia, Illinois, United States
  • Reviews: As of  3 Oct. 2024, HOBI has not been rated on Gartner Peer Insights™, 1.0 based on 1 review on Yelp No other reviews found

Bottom Line: HOBI maintains R2v3, RIOS, and ISO 14002 certifications and is a WBE-certified company but does not have a NAID-certified facility.

DELLDELL

Dell offers end-to-end device lifecycle management, including inventory tracking, equipment repair/replacement, upgrades, and responsible disposition. This can simplify IT asset management for companies with large, dispersed workforces. Dell manages the entire IT asset disposition process, including pickup logistics for any leased or owned hardware brand, secure data wiping following NIST SP 800-88 R1 standards, device resale or recycling, and online tracking through Dell’s TechDirect portal. Dell has a strong focus on sustainability and circular economy principles. They aim to recycle or reuse an equivalent product for every product a customer buys. 

Dell has expanded its Asset Recovery Services to 35 countries outside the U.S., covering Canada, Europe, the Middle East, Africa, and Asia. This makes Dell a viable option for multinational corporations. While Dell can handle multi-vendor assets, its ITAD services encourage the continued use of Dell products, potentially limiting flexibility in IT procurement decisions. While Dell offers some flexibility, its services may not be as customizable as those of specialized ITAD providers. In addition, Dell uses third-party partners for some aspects of disposition. 

At a Glance:

  • Company Type: Public
  • Year Founded: 1984
  • Website:https://www.dell.com
  • Headquarters Location: Round Rock, Texas, USA
  • No. of Employees: Approximately 120,000
  • Reviews: As of 3 Oct. 2024, Dell has an Overall Rating of 5 out of 5 in the IT Asset Disposition market, based on 1 reviews on Gartner Peer Insights™, Trustpilot – 1.5 based on 286 reviews.  Google: none found

Bottom Line: Customers who are exclusive users of Dell servers, storage, and laptops are most likely to consider using them for ITAD services.

Ingram Micro

INGRAM MicroIngram Micro is an American distributor of information technology products and services. In February 2016, it was acquired by Chinese conglomerate HNA Group. In May 2018, it acquired CloudBlue, which offers cloud commerce services. Ingram Micro’s approach to ITAD is comprehensive and focused on risk management, logistics, asset repair, and refurbishment, and maximizing residual asset value. 

Ingram Micro offers onsite and offsite data erasure and destruction services, including degaussing and physical shredding. Its industry sectors include enterprise, government, manufacturing, legal, retail, and healthcare. Ingram uses a proprietary system called BlueIQ for global asset tracking and intelligence throughout the ITAD process and also performs re-sales through a platform named RENUGO.

At a Glance:

  • Company Type: Private
  • Year Founded: 1979
  • Website: http://www.ingrammicro.com 
  • Headquarters Location: Irvine, USA
  • No. of Employees: 10001+
  • Reviews: As of 3 Oct. 2024, Ingram Micro has an Overall Rating of 5 out of 5 in the IT Asset Disposition market, based on 1 reviews on Gartner Peer Insights™, Trustpilot – 1.4 based on 127 reviews.  Google: none found

Bottom Line: As a large distributor of IT Services, customers have access to Ingram Micro Service through a large network of value-added resellers

HPE 

HPE

HPE (Hewlett Packard Enterprise) offers comprehensive IT Asset Disposition services as part of its IT asset lifecycle management solutions. HPE prioritizes the reuse of IT assets over recycling, supporting the management of multi-generational environments. This strategy aligns with sustainability goals by extending the life of IT products and reducing environmental impact.  HPE provides asset recovery services, including collecting, inventorying, transporting, sorting, and processing IT products for recycling or remarketing.  

HPE partners with other ITAD companies to source used HPE computers and to subcontract ITAD services. Devices are processed through HP-approved partners and audited by a third party. If equipment cannot be repurposed, it is responsibly recycled. HPE offers a full suite of IT asset lifecycle management solutions, including the option to purchase pre-owned technology. It also has a large global presence, offering services in multiple countries.  However, there are service limitations with HPE, as in many countries, the HP ITAD Service is currently available for direct customers only. In addition, onsite decommissioning services are only available in Australia, Germany, the United Kingdom, and the United States. 

At a Glance:

  • ​​Company Type: Public
  • Year Founded: 2015
  • Website: http://hpe.com 
  • Headquarters Location: Houston, US
  • No. of Employees: 10001+
  • Reviews: As of 3 Oct. 2024, HPE has an Overall Rating of 4 out of 5 in the IT Asset Disposition market, based on 1 reviews on Gartner Peer Insights™, Trustpilot – 1.2 based on 7,174 reviews  Google: none found

Bottom Line: HPE is best suited for companies that are committed users of HPE equipment and often reuse HPE equipment for different employees.  

ERI

ERIERI is one of the largest and most well-known ITAD companies. It claims 

to be the largest fully integrated IT and electronics asset disposition provider in the United States and possibly the world. ERI maintains NAID AAA,  R2, and e-stewards certifications. In 2021, it announced an investment by the private equity firm Closed Loop Partners. 

ERI uses its partner network to provide services in the U.S. and 46 countries. It offers a full range of ITAD services, including data destruction, asset tracking and reporting, repair and reuse, parts harvesting, recycling, compliance management, and device remarketing. ERI also ensures regulatory compliance and meets or surpasses corporate risk management requirements.

At a Glance:

  • ​​Company Type: Private
  • Year Founded: 2002
  • Website: https://eridirect.com 
  • Headquarters Location: Fresno, California 
  • No. of Employees: Approximately 1000
  • Reviews: As of 3 Oct. 2024, ERI has not been rated on Gartner Peer Insights™, Trustpilot – no reviews found Google: no reviews found

Bottom Line: Customers looking for an international presence and a fully integrated ITAD supply chain may likely choose ERI.

ER2

ER2

ER2 provides IT Asset purchasing, installation, tracking, and disposal services. ER2 operates in Arizona, California, Tennessee, Nebraska, Florida, and Texas but offers worldwide service.  ER2 is a private company specializing in technology life cycle solutions, primarily serving Fortune 1000 clients. 

The company was founded in 2011 and has shown significant growth since its inception, being recognized as one of the fastest-growing companies in the US for multiple years. ER2 focuses on providing complete IT asset management services, from installation to deployment, while maintaining a commitment to social and environmental responsibility

At a Glance:

  • ​​Company Type: Private
  • Year Founded: 2011
  • Website: https://er2.com 
  • Headquarters Location: Memphis, Tennessee,
  • No. of Employees: 120
  • Reviews: Reviews: As of 3 Oct. 2024, ER2 has not been rated on Gartner Peer Insights™, Trustpilot – no reviews found Google: no reviews found

Bottom Line: ER2 is well suited to companies that want to work with one vendor to manage the entire IT lifecycle, from purchasing and installing to disposing of end-of-life equipment.

Dynamic Lifecycle Innovations

Think DYnamic websiteIn 2018, Dynamic Recycling changed its name to Dynamic Lifecycle Innovations to reflect a dedication to providing clients with customized, secure, and cost-effective solutions for all stages of the IT lifecycle, including e-recycling, materials recovery, refurbishment, or decommissioning outdated IT assets.  Dynamic Lifecycle Innovations is a full-service electronics and materials lifecycle management corporation providing solutions for IT asset disposition, data security, product refurbishment, remarketing and resale, electronics recycling, legislative compliance, metals recovery, and logistics.  

Dynamic is certified for NAID AAA, R2v3, E-stewards, ISO 9002, ISO 14001, ISO 45001.  With physical locations in Onalaska, Wis. and Nashville, Tenn., the company claims to service 100 countries across six continents. Dynamic has a carbon calculator tool that includes details for 30 different categories of e-waste, comprising of both whole units and component parts

At a Glance:

  • ​​Company Type: Private
  • Year Founded: 2007
  • Website: https://thinkdynamic.com/ 
  • No. of Employees: 201-500 employees
  • Headquarters Location: Onalaska, Wisconsin 
  • Reviews: As of 3 Oct. 2024, Dynamic Lifecycle Solutions has not been rated on Gartner Peer Insights™, Trustpilot – no reviews found Google: 4.3 based on 26 reviews  Yelp: 3.0 out of 4 based on 4 reviews

Bottom Line: Best for companies who value extremely detailed ESG reporting.

Cascade Asset Management

Cascade websiteCascade Asset Management has over 20 years of experience in the ITAD industry. It specializes in healthcare, finance and insurance, education, government, and technology. Cascade is NAID AAA certified, e-stewards certified, ISO 9001 and ISO 14001 certified, and PCI-DSS (Payment Card Industry Data Security Standard) compliant. 

Cascade offers a full range of ITAD services, including on-site inventory and data destruction, secure logistics and transportation, asset testing, erasure, and unlocking, and has options for asset resale, recycling, donation, redeployment, or return to the company. Cascade has a value recovery program in the form of rebates for assets with residual value.

At a Glance

  • ​​Company Type: Private 
  • Year Founded: 1999
  • Website: https://cascade-assets.com/ 
  • No. of Employees: more than 100
  • Headquarters Location: Madison, Wisconsin
  • Reviews: As of 3 Oct. 2024, Cascade Asset Management has not been rated on Gartner Peer Insights™, Trustpilot: No reviews found, Google: No reviews found

Bottom Line: Cascade is a good choice for companies in the Cascades freight zone, which includes Wisconsin, Illinois, Minnesota, Iowa, Indiana, Ohio, Michigan, Kentucky, and Florida. Also, while Cascade is NAID, e-Stewards ISO 9001, and ISO 1400 certified, if your company requires R2v3 certification, this may not be the best choice. 

Sims Lifecycle Services

Sims lifecycle websiteSLS specializes in managing retired electronic equipment, components, and metals.  They primarily cater to businesses, data centers, and manufacturers. The company offers services such as secure and compliant global IT asset disposition (ITAD), e-waste recycling, data center decommissioning, data destruction, and refurbishing, repairing, and restoring materials for continued use.  

Sims holds comprehensive certifications and provides online reporting. It operates globally with centers throughout the Americas, Europe, the Middle East, Africa, and Asia-Pacific regions. This extensive network allows it to support multinational companies and large data centers worldwide. The company also emphasizes sustainability, offering tools like a sustainability calculator to help clients quantify carbon emissions avoided through IT asset reuse and recycling.

At a Glance

  • ​​Company Type: Public
  • Year Founded: 2002
  • Website: https://www.simslifecycle.com/ 
  • No. of Employees: Over 4,000 employees globally
  • Headquarters Location: West Chicago, Illinois, 
  • Reviews: As of 3 Oct. 2024, Sims Lifecycles services has not been rated on Gartner Peer Insights™, Trustpilot: no reviews found Google: no reviews found Yelp: 3.6 out of 5 based on 13 reviews

Bottom line: SIMS is a good choice for global companies that need a vendor to participate in all aspects of the IT asset lifecycle, from procurement to maintenance to disposition. 

SK tes

SKtes website

SK tes specializes in sustainable technology services throughout the lifecycle of IT assets, including deployment and commissioning of technology devices, IT asset disposition (ITAD), battery recycling, and materials recovery. With facilities in 22 countries, SK tes offers service worldwide. They provide end-to-end lifecycle management for technology assets, from deployment to recycling. The company has developed proprietary processes for recycling and materials recovery, such as its lithium battery recycling technology particularly from electric vehicles.

SK tes places a strong emphasis on sustainability through electronics refurbishment.  The SK tes Consumer Solutions division offers data secure refurbishment, repair and remarketing services for consumer returns, trade-in and excess consumer electronics. They also boast a 99% recovery rate for processed materials and have committed to repurpose 1 billion kilograms of assets by 2030. 

At a Glance

  • ​​Company Type: Private
  • Year Founded: 2005 as TES rebranded in 2024 to SK tes
  • Website:https://english.tesgroup.de/ 
  • No. of Employees: Around 1000
  • Headquarters Location: Jurong Industrial Estate, Singapore
  • Reviews: As of 3 Oct. 2024, SK tes has not been rated on Gartner Peer Insights™, Trustpilot: No reviews found, Google: No reviews found

Bottom Line: SK tes is best for global companies that are more focused on reselling retired assets or have large quantities of commodities such as lithium batteries that need to be properly recycled.