Secure CPA US DOD 5220.2-M Approved Data Wiping Services
There are two critical elements when looking for an IT Asset Disposal (ITAD) strategic partner:
- How good is their service?
- How good are the tools they use to sanitise data?
Clearly elements like cost, revenue return and environmental licensing are crucial but before selecting a partner it is essential that the first two questions be satisfied.
How good is our ITAD service?
Reuse Technology Group meets the ADISA ITAD standard, which was launched in 2010. It is the only industry dedicated standard focused on IT security within the IT asset disposal process. The standard looks at basic elements such as the business itself, the physical fabric of the buildings where the service is undertaken and how they manage the assets throughout the process. It also drills down into fine detail to identify where any potential vulnerability exists within the service and how that vulnerability is managed to an appropriate level of risk. The standard also looks at the actual process of sanitisation; the point where the data is made safe. At this stage ADISA look at whether or not the organisation is using approved tools for the act of sanitisation (commonly known as data erasure or data wiping). Being a certified ADISA member means that we have met all of the above criteria.
How good are the tools that we use?
When assessing this it is crucial to look to authorised independent test labs. In the UK, CPA/CESG (Communications-Electronics Security Group) is the Information Assurance (IA) arm of GCHQ and is the Government’s National Technical Authority for Information Assurance. One arm of CPA approves products for use within IT security including data erasure products. This approval process is viewed globally as one of the most trustworthy methodologies and ‘CPA approved’ products are generally accepted as being assured that they work as the manufacturer or developer states.
With that in mind, when assessing the IT asset disposal process, it is essential that you always look for the use of CPA approved tools. Only by using these tools can you really be sure that the company carrying out the work is using the correct software to sanitise data and that it has been scientifically tested to assure that it works. Without this testing there can be no assurance that the product works.
Reuse Technology Group use this exact software that is CPA approved and therefore can carry out the work you require with absolute certainty that it meets criteria, thus leaving you, the client with total peace of mind.
For areas such as physical destruction of hard drives or overwriting of mobile phones / devices utilising Solid State Drives (SSD), Reuse Technology Group ensures that the best possible tools available are used and that these tools have been verified as being the current best available products on the market. You can find more details about data shredding here
In summary, when choosing an ITAD partner, you should always insist on two prerequisite elements; ADISA certification (full member) and the use of CPA approved products. Without these two elements only a ‘trust’ model exists which leaves the client exposed to potential asset loss and data breach, which could culminate in a hefty fine.