ITAD Is Dead.
“WARNING: ITAD vendors can READ your customer data during the overwrite process! Companies not following the lastest data control standards are often fined for illegal data transport with potential breaches at the overwrite process.”
Today, because of GDPR, NIST, ZTA, CCPA and IRS 1075, cybersecurity assessors from the government GAO, IRS, DoD, NERC, PCI, HIPAA or more will examine you and your contractors, and all the subcontractors they use. It is your responsibility to prove the compliance of your entire supply chain and ignore the supplier’s embellishments of a fictitious data governance.
The old ITAD system has not changed with cybersecurity requirements and can be rendered obsolete (dead).
What Has Changed in Data Control?
- The Data Destruction process must meet your Risk Assessment requirements
- Data Destruction must occur under your control per Federal, State and Industry regulations
- Vendor must be Cybersecurity Framework certified per Federal, State and Industry regulations
- You must follow data destruction techniques based upon your published Data Classification Policy
- Data destruction by the Sanitizer must be Verified by a second individual
- Certificates of Destruction must be complete and meet NIST 800-88 requirements”