IT Asset Disposal (ITAD) is a service provided by many companies in the UK. The work involves collecting IT assets from data controllers, and the importance of this service and of the correct choice of service provider should not be underestimated.
The collection of IT assets is essentially a collection of data from that data processor and, if not done correctly, there is a real potential for a data loss/breach.
Would you, with this in mind, treat collection of data as a waste transaction? Many data controllers in fact do this by leaving these collections in the hands of waste contractors or man-in-van operations where there are no contracts in place and no guarantees of what will happen to the data being collected.
Contracts and controls should be in place so that each and every risk is both identified and mitigated, reducing the risk of data loss and/or data breach.
Using an ADISA-certified company
Using an ADISA-certified company like S2S Electronics Ltd will ensure that risks are considered, agreed and mitigated in line with the identified risks for that data. The ADISA standard has in fact been approved by the ICO, meaning the IT disposal process is fully compliant with the UK GDPR regulations.
In short, disposal of IT assets to this standard ensures that Data Controllers are compliant with the law. In addition, the Data Controller does not have to perform external audits, as the process is already independently audited.
VICTAR (Volume, Impact, Category, Threat, and Appetite to Risk)
The process requires engagement between the Data Controller and Data Processor to ensure the risks are both identified and managed. This process is called the DIAL (Data Impact Assurance Levels) Ratings.
This identifies the risk level for a Data Processor collection based on a number of factors that we call VICTAR (Volume, Impact, Category, Threat, and Appetite to Risk). This is a simple online form that S2S can guide Data Controllers through to identify the risk level. Once this is done, the level of service can be agreed upon to mitigate the risks.
Contracts need to be in place, and each collection needs additional site-specific engagements, but generally these will already be in place and do not mean more work for the Data Controller.
Engage with S2S Group and let us ensure your legal compliance with UK GDPR for asset disposal.