IT asset disposal vendor Xperien is planning to set new industry quality standards that meet internationally recognised standards in terms of asset disposal and resale.
The organisation says there is a rapid increase in uncertified disposal companies and refurbishers trying to penetrate this fast-growing market.
Xperien CEO Wale Arewa warns that many of these pop-up disposal companies offer services free of charge, hoping to recoup their costs from resale of obsolete equipment. "As tempting as this may sound, if they are not certified, it could carry significant risks in terms of data leakage and environmental damage."
Many newer disposal companies lack the necessary expertise or resources to properly execute or oversee the critical aspects of equipment disposal. For example, correct recycling of computer equipment involves knowing how to isolate and dispose of the toxic components and heavy metals like beryllium and lead, he says.
Furthermore, Arewa says there are many regulations that apply to asset disposal, eWaste, recycling, refurbishing and data protection. "Ignorance of these laws is no excuse should an inadvertent breach occur or be discovered."
Each step of the process
"It is extremely important that asset managers understand what happens at each step of the process so as to detect if a particular disposal company is properly qualified and doing things properly," he explains.
Xperien is the only company in Africa to be ISO 9001:2015 certified, operating a quality management system that complies with requirements of ISO 9001:2015 for the collection and disposal of IT assets and equipment.
Xperien has introduced an industry standard called Certified Refurbished System (CRS) to ensure refurbished systems are ISO-certified and audited. CRS products that have been through factory grade processes that are certified and audited by ISO 14001:2015 and ISO9001:2015.
Data security
Arewa says due diligence should be observed when examining accreditations like ISO to ensure the certificate is related to IT disposal. "Simply having a certificate for IT distribution or recycling will not necessarily cover processes required for data security."
According to him, companies involved in disposal need to follow requirements in terms of elimination of personal data, secure chain of custody, inventory management, environmental disposal and asset buyback.
He says in the event of a breach, companies could face consequences such as loss of reputation and non-compliance to the Protection of Personal Information Act, loss of equipment and data, bad housekeeping, as well as eWaste pollution and non-compliance to the National Environmental Management: Waste Act.
"If your security is breached as a result, it might be too late to ask yourself whether your service provider is properly certified," he says.