Escolar Documentos
Profissional Documentos
Cultura Documentos
May 2012
Page 1 of 5
Given a 2009 analysis* suggested 12% of all data losses occurred through improper disposal, how can this be? Well it would appear the landscape may finally be changing and it is widely expected that having consulted with the Asset Disposal and Information Security Alliance** (ADISA), the ICO will soon be publishing guidance notes setting out best practice for IT disposals that should finally help all data controllers formulate a policy to protect their organisations.
Page 2 of 5
And generally speaking, therein lays the problem. Asset value recovery tends to be conducted by sharing the realisable value of the asset between the owner and the disposal company. The lure of greater returns will be offered by ITADs with lower overheads, yet this can only be achieved by compromising process. The old adage that cost neutral =risk in the realms of ITAD selection holds true more now than ever, but this document will seek to demonstrate how it may be possible to both protect your organisation and achieve optimum asset value recovery. Pressure as there may be on all matters fiscal, dont lose sight of your priorities. The average value of a retired desktop may be as little as 20-30. A fine of up to 500,000 will not only erode any financial benefit you may have derived from corner cutting, it may also irrevocably damage the reputation and integrity of both the organisation and you personally.
Page 3 of 5
derived using proper transfer of custody and client engagement documentation before allowing the assets to be processed in such a purpose-built facility. Greater efficiencies result in reduced processing costs and increase the net asset value return. Happy days for all.
Summary
Organisations these days are complex, and we all have to dance for different puppet masters. The CEO will tell you brand/organisation integrity is everything, and you must never embarrass him with the stigma of a data breach. The FD will no doubt tell you theres no budget to engage a robust operator to dispose of redundant IT, and will no doubt press you further to achieve the best return. So how can you please them both? Inevitably operating an ITAD business with a high level service offering will incur sizeable overheads, so dont expect it to be the cheapest on process. That said, the right operator should be able to demonstrate higher than average market returns and may well be able to negate any additional costs of service provision through enhanced value recovery. Check this simply for yourself Where are their downstream markets? Are they a Microsoft Authorised Refurbisher? Does the reuse channel fit with your Corporate Social Responsibility policy? If you can find an operator that gives you the right answers to these questions and can also provide the ICO compliant service contract then congratulations, youve found utopia.
*Source KPMG Data Loss Barometer **The Asset Disposal and Information Security Alliance was formed in 2010 as a trade body bringing certification and regulation to those companies operating in the IT Asset Disposal arena. ADISA is chaired by John Sutton, a former lead policy developer at CESG. He is the author of Information Assurance Standard 5 (IAS5), which sets out the UK national standards for the secure disposal of retired IT assets and also the secure sanitisation of sensitive data. ***CESG in the Communications Electronics Security Group, a division of GCHQ, and is the National Technical Authority for Information Assurance.
Page 4 of 5
Stone Group
T: 08448 221122 Fax: 08448 221123 www.stonegroup.co.uk Granite One Hundred Acton Gate Stafford ST18 9AA
Page 5 of 5