The collection of IT assets is essentially a collection of data from you the data controller. If not done correctly there is potential for a data loss/breach.
The ADISA ICT Asset Recovery Standard 8.0 helps you (the data controller) and S2S Group (the data processor) manage the asset recovery process to a set standard.
Data Impact Assurance Levels (DIAL) put you in control. You are now able to control risk against a simple set of variables. Based on the answers provided, you will be able to receive an overall DIAL rating.
The service S2S Group provide as a data processor will match the rating you have generated and agree with you an ADISA accredited asset recovery plan.Generate my DIAL Rating
Simply put, DIAL ratings offer you the chance to quickly and simply evaluate the risk to you and your company should there be a data breach. The higher the risk, the more measures that need to be put in place and the greater the level of service needed to mitigate this risk.
Another added benefit of using the DIAL rating is to allow you, the data controller to realistically analyse the threat to your data and the threat that data poses stolen.
The ICT Asset Recovery Standard 8.0 is the new accredited ADISA standard for the physical processing of your data.
Your DIAL rating is the framework for assessing your risk, by you the data controller. This is then submitted to us as a data processor.
Once we have received your DIAL rating, we can build a service plan which uniquely matches your requirements. Our service plans, no matter the DIAL rating will meet the new ADISA standard (ICT Asset Recovery Standard 8.0)Generate my DIAL Rating
Risk levels can be judged for an ITAD collection based on 5 factors that we call VICTAR,
This refers to the volume of data due to be processed. Asset recovery is a physical process and focuses of overall storage capacity. Therefore, we would need to (as a data controller) determine the overall capacity of storage rather than a volume of data.
As a data controller you need to assess the impact would have on your business. When deciding this impact, take into consideration your business type, the scale of data being processed, your profile and lastly the type of data you wish to be processed.
Refers to the categories of data you need processing. These categories align with UK GDPR.
You as a data controller need to determine where threats to your data/business are likely to come from. Who is likely to want to gain access to this data? What are the motivating factors behind their actions? Is it financial, intellectual property theft or is it another purpose?
This refers to the levels of risk that your business is willing to take. Businesses will want to consider the previous risk factors and judge the levels of service required.