Mon - Fri 8:00 - 6:30
Compliance & Security
Built to Satisfy Your Compliance Team
Our documentation and processes are designed to satisfy the requirements of the frameworks your industry operates under.
R2v3
The Responsible Recycling standard — the most rigorous certification available for ITAD facilities. Covers data security, environmental accountability, worker safety, and downstream due diligence.
• Certification In Progress
ISO 9001
International quality management system standard. Ensures consistent, documented processes across all operational functions — aligned with R2v3 quality management requirements.
• Certification In Progress
ISO 14001
Environmental management system standard. Demonstrates systematic commitment to minimizing environmental impact — supporting our zero-landfill policy and ESG documentation requirements.
• Certification In Progress
NIST 800-88
NIST Special Publication 800-88 Guidelines for Media Sanitization — the government standard referenced by HIPAA, FISMA, and most enterprise data security policies for data destruction.
• Applied on Every Job
HIPAA
We execute Business Associate Agreements with all healthcare clients and ensure ePHI-bearing devices are handled in full compliance with the HIPAA Security Rule's media disposal requirements.
• BAAs Provided
GLBA Safeguards
The updated FTC Safeguards Rule requires financial institutions to document secure disposal. Our Certificate of Destruction packages are structured to satisfy Safeguards Rule examination requirements.
• Report Ready
FISMA / FedRAMP
Federal Information Security frameworks require verified media sanitization for government contractors and agencies. Our NIST 800-88 process and serialized documentation support FISMA compliance requirements.
• NIST 800-88 Aligned
CCPA / State Privacy Laws
California's CCPA and emerging state privacy laws extend data protection obligations to device disposal. Our documentation provides the disposal evidence required under these frameworks.
• Documentation Ready
COMPLIANCE & SECURITY
Built for audit, designed for risk reduction
Built around strict standards, documented controls, and verifiable outcomes.
Data Sanitization Standards
We apply structured data destruction methods based on device type and data classification. Each action is logged and tied back to the individual asset.
Chain of Custody & Asset Control
Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem
Audit-Ready Documentation
Everything we do is documented in a format your compliance team can actually use. No vague summaries, just verifiable records.
TALK TO OUR AGENT
Talk to an experienced advisor.
CALL FOR ADVICE NOW!
Compliance & Security Concerns
Frequently Asked Questions
What standards do you follow for data destruction?
We follow NIST SP 800-88 guidelines, which define approved methods for data sanitization. Depending on the asset and risk level, we apply Clear, Purge, or Destroy methods. Each action is logged and reported at the device level.
Can you provide proof that data was destroyed?
Yes. Every processed device receives a record that includes the serial number, method used, date, and result. Certificates of Destruction are issued and can be mapped back to your original asset inventory.
How do you maintain chain of custody during transport?
Assets are inventoried before pickup, sealed in tamper-evident containers, and transported via tracked vehicles. Each transfer point is documented and signed, ensuring a continuous and verifiable chain of custody.
Do you support compliance with regulations like HIPAA, FACTA, or GLBA?
Yes. Our processes are designed to support organizations operating under strict regulatory requirements. While we don’t replace your internal compliance program, our documentation and handling procedures align with these frameworks.
What happens if a device fails data erasure?
Failed devices are automatically flagged and removed from the remarketing stream. They are either reprocessed or moved to physical destruction based on your policy. This ensures no device leaves processing without verified sanitization.
