Responsible Recycling (R2) recently updated their data eradication standards from SERI, which created more robust standards from earlier versions since 2013.
Called SERI R2v3, or version 3.0, we’ll take a closer look at these updated standards in today’s blog from I.T. Supply Solutions.
What are the basics of R2 core requirements?
R2v3 requirements, first outlined in 2020, encompass 10 different areas of data destruction and eradication, from responsibilities and policies to physical destruction and documentation. We’ll look at the most important ones below.
Scope of a Company’s Operations
This requirement talks about how all R2-certified companies adhering to this new standard must certify processes, managed material streams, processes, and electronic equipment over several activities such as asset collection and recovery, renewal or repair, brokering and remarketing, and recycling.
EH&S Management System
The new standard requires an R2 facility to maintain an Environmental, Health, and Safety Management system that follows the planning, implementation, and monitoring of safety measures for workers, the environment, and the public while handling electronic assets. ITAD companies must periodically review this system to renew the R2 certification and to reduce exposure to mercury, cadmium, lead, beryllium, and other metals used in computer equipment.
Thorough and detailed documentation must include the following:
- Physical security at the R2 facility, like access control.
- Types and quantity of data and data storage devices the facility is going to sanitize.
- Sanitizing methods based on device type.
- Planned duration of data destruction once the assets come into the facility.
- Methods used to sanitize and destroy the data, including software used.
- Documented records showing the efficacy of the data destruction methods.
Tracking what happens to a company’s computer assets is a crucial element of maintaining data privacy. The R2v3 standard states that all ITAD companies must record and manage every equipment, component, and material that comes into their facility while documenting what happens to these items.
Following the R2v3 data security standard cannot be overemphasized. Companies must maintain the highest levels of data security and sanitization based on the type of data storage device (hard drives, SSD, HDDs, flash drives, mobile device memory cards, computer memory cards, and more).
Security at the facility must maintain:
- Access control to only authorized personnel based on the type of devices and data sensitivity of the equipment.
- Written acknowledgment of individuals responsible for handling sensitive data.
- Incident responses, investigations, and reports in the event of a breach of security. These reports go to suppliers, legal authorities, and interested parties.
Data Erasure Software
Perhaps the biggest leap in R2v3 comes from the documentation and use of data erasure software. As more effective software comes on the market, it must do the following:
- Wipe all user addressable memory locations on data storage media. If this is impossible, the software must make the media fail, or make it unusable.
- Remove all logins, passwords, locks, or other mechanisms that could allow someone to access data.
- Maintain electronic data erasure records for all storage devices using data erasure software.
Talk to I.T Supply Solutions for Data Destruction & Security
A professional ITAD company uses the best practices for data destruction and security from start to finish. You can’t take risks with your sensitive data to do this process without consulting a professional team that knows how to properly handle data on old computer equipment.