I’ve got some terrible news for companies trying to resell, recycle, or dispose of retired IT assets/e-waste, the vast majority of which need to partner with an IT Asset Disposition (ITAD) vendor to do so. The vendors that you’re considering trusting with your EOL hardware and the data found on the storage components have a wide range of policies, practices, security, and certifications, ranging from the best-of-the-best to none at all. And unless you’ve got a lot of time on your hands to assess each and everyone that you’re thinking of using, you’re going to need a shortcut for how to reliably assess their worthiness to hold your precious data in their hands.
That shortcut is the National Association for Information Destruction (NAID) AAA certification. Here’s why.
When the Federal Trade Commission (FTC) wrote the regulations around data destruction it was concerned about unqualified vendors. It recommended that companies select vendors certified by trusted, expert national trade associations, rather than relying on unknown service providers’ claims and promises. Even today there are very few certifying organizations and their certification programs vary, which makes it safer to choose a vendor with third-party certification but still leaves companies pondering which certifying bodies produce vendors with the lowest risk.
This is where NAID distinguishes itself from other organizations in this space. NAID is the only Consumer Protection watchdog association that audits the qualifications of data destruction service providers globally. NAID AAA certification verifies over 20 areas of operational and security requirements and conducts both annual scheduled and unannounced audits of certified vendors, both in plants and in the field, with fines and sanctions for non-compliance up to and including suspension or revocation of certification.
NAID AAA Certification assures clients that they are dealing with a reputable and secure data destruction service. More and more government agencies and companies globally are requesting directly in their RFPs that providers be NAID certified. And with good reason. Data is already considered more valuable than oil, and in some applications, it’s worth more than gold.
Various studies show between 75-80% of data breaches are traced back to some internal involvement in the form of malicious or incompetent employees. It’s no different for your ITAD vendor or recycler. You shouldn’t blindly trust that what they’re doing with your hardware or data is in your best interest, or that their staff is trustworthy. Requiring your provider to be NAID AAA-certified reduces your risk by providing a vendor that has been fully vetted.
NextUse meets (and exceeds) NAID AAA requirements
NextUse is one of only seven NAID AAA certified vendors in the world that performs data destruction services for hard drives both at our facilities and at client sites. This includes sanitizing the drives for resale, or degaussing and physical destruction for those unfortunate times when recouping some of your investment isn’t an option.
NextUse actually voluntarily exceeds NAID’s stringent AAA standards in a number of areas and encourages clients to tour facilities to see for themselves. Employees pass rigorous employment screening including drug testing and criminal background checks, and they’re periodically retested. Facilities have fencing, both manual and biometric locks, cameras, lighting, and months (and sometimes years) worth of log data and camera footage.
NextUse’s NAID AAA certification is one critical component of an organization dedicated to secure, confidential data destruction.
If you’re an IT Asset Manager interested in seeing how NextUse can both securely destroy data located on your retired IT assets and maximize your asset value recovery, complete this short form or call Mark Dobson at 603-834-9443.
