What You Need to Know

There are approximately 1000 IT disposal organisations throughout the UK, most of which were established after the WEEE regulations came into law in 2007.

It’s often overlooked as to how much there is actually to consider when it comes to disposing of your redundant IT hardware especially after the implementation of the new GDPR rules in May 2018.

Below we have put together an essential series of questions you need to be asking when the time of IT disposal comes about. It is often easy to identify if an organisation is undertaking a consistently high quality compliant service. By asking each question one by one, you can easily filter out all the low quality IT recycling organisations.

Don’t let yourself be fooled by a flashy website

A professional website can easily disguise an organisation with many flaws. When responsible for disposing of your companies IT hardware, it is critical that you know who you are actually dealing with, where they are operating from and how they do it. Attention to detail on websites can easily uncover who is professional and who isn’t.

What accreditations does the organisation hold?

The standards a company complies with along with the accreditations they have can indicate how professional and well directed a setup it is. Accreditations to look out for include but are not limited to: UKAS 14001, UKAS 9001, UKAS 27001, UKAS 18001, UKAS 50001, UKAS 22301, ISO 39001, Investor in people, BS 15713 and BS 7858. Non UKAS certifications are worthless; accreditors for non UKAS standards don’t usually even attend the companies’ premises.

What does the companies’ background history look like?

How a disposal company has acted in the past usually shows you how they will act in the future. Ways of researching history can be via online reviews, requesting references from similar organisations to your own, performing a financial background check etc.

Who are the key staff members leading the organisation and what knowledge / skills do they possess?

Many IT recycling company bosses don’t have any other motivation except financial income. It is good practice to know who exactly is running the organisation, what motivates them, what professional skills they have, what experience and knowledge they have and what risk assessments they undertake.

Can you visit their premises and see who exactly you are dealing with?

Many IT disposal companies are operating underneath the umbrella of their website and a visit to their premises can usually uncover a multitude of sins. If you cannot get a good genuine impression on their website through videos and interviews, it is best practice to visit their premises. If a premises viewing is denied, they are certainly to be avoided.

Do they use their own vehicles and drivers with no third parties?

Very few IT recycling organisations use their own logistics team with their own vehicles. Even those that do don’t even incorporate the security necessities into their practice which without a doubt is critical as the risk of your data being misplaced or stolen is at its greatest during transportation. Key things to look out for after you have determined if they are using their own logistics team: do they incorporate data security training into logistics, have they undertaken a data security logistics risk assessment, what background checks do they do on their collection team, do their vehicles have solid sides and bulkheads / CCTV / tracking / additional security locks / sign written vehicles etc.

Does the IT recycling company possess chemical safety experts?

A good portion of IT hardware waste is classed as hazardous which can put the environment and peoples’ health & safety at risk if not treated and handled correctly. This is not an extensive list but such items include CRT monitors containing lead, LCD monitors containing arsenic and mercury, batteries, UPS systems containing batteries, vehicle diagnostic computers containing various oils etc. It is critical for any IT recycling organisation to include a competent member of staff with chemical safety training and knowledge into their inventory of employees who can prevent environmental and health & safety incidents.

Is data security and security related training an integral part of their service?

It is a fact that most of the IT recycling companies operating in the UK don’t take security seriously but due to the sheer amount of data stored on all types of IT equipment this can be a fatal error. Ensure you question their security practices, are they utilising all available security measures, have they undertaken an in depth security risk assessment, do they list all their security measures, are they ISO 27001 UKAS registered, are you able to visit their premises and see what their logistics system looks like, what security training do they provide their staff with etc.

Does the organisation hold all applicable environmental licences?

It is required by law that any IT recycling organisation holds the correct licences and permits for undertaking such a service. Essential licences include: A waste carriers licence for transportation and an environmental permit for processing the waste at their site.

Does the organisation know what data is stored on?

We can confidently say that the vast majority of IT recycling companies don’t understand that data is stored on 100s of other device types on top of simple hard drives. Types of hardware that contain data include POS systems, security code generators, thin clients, printers, photocopiers, routers, firewalls, switches, VPNs, tape drives, PDAs, mobile phones, fax machines, AV equipment etc. It requires a large amount of specialist knowledge to ensure all such device types are data sanitized safely; such knowledge is a rarity at about 90% of IT recycling organisations.

How does the organisation destroy data?

Does the organisation have tried and tested / certified data wiping and destruction machinery and does such machinery get audited regularly to ensure it is continually meeting the required standards. Ask to be talked through what it does and how it does it. There are a considerable amount of ‘bodge job’ methods of destroying data bearing devices from beating them with a hammer to simply going on the operating system and deleting specific items.

Do they offer onsite data destruction?

The risk of misplacing, losing or even having your data stolen is at its greatest when it is being transported away from your site. If the organisation undertaking such a task hasn’t taken all appropriate security measures, this can easily result in a disaster for you. If deemed necessary for extra piece of mind you can request onsite data destruction via either degaussing, data wiping, shredding, crushing, label / reference removal or physical destruction; before you proceed, ensure you confirm exactly what the onsite data destruction machinery is, how it is carried out along with how regularly it is checked and certified as compliant.

Does the company provide all applicable certificates?

A good portion of the IT recycling companies in the UK don’t provide the correct certificates. Certificates you should expect include: WTN (waste transfer note), HWCN (hazardous waste consignment note), DDC (data destruction certificate) and an Asset Report. Ask to see examples of what you will receive and when. Are the examples given compliant with all relevant legislation?

Does the IT disposal organisation offer IT collection / asset tracking?

Not all IT recycling companies have the ability to be able to track IT collections / assets through their system. Without such a professional system, it is easy for IT collections to go missing with no explanation as to where they have gone or who made contact last. It is important to ensure your IT recycler offers this as part of their service. Ensure you confirm if the service you choose tracks IT collections as a whole or as individual assets (more time consuming / costly). Companies offer different kinds of services related to asset / collection tracking with different applicable costs.

Do they charge for their service?

With the market place becoming more and more congested, companies are cutting increasingly more corners to reduce costs so they can provide a free service. There isn’t anything wrong with a free service but it is important to ensure that for all the above questions you receive a positive answer unless too many corners will have been cut.

Secure Recycling & Data Destruction of:

  • IT Hardware (all types)
  • Data Centre Hardware
  • Telecoms Hardware
  • Audio Visual / Media Hardware
  • Electronic & Testing Hardware
  • Networking Infrastructure

Request Callback: