Absolute IT is proud to be accredited partners of ADISA, following their approved standards for our IT Asset Disposal services. ADISA accreditation gives you confidence that we meet or exceed all the requirements and best practices necessary for the safe and secure handling of confidential data.
Why is ADISA certification so important and why does it matter for your business?
Here are answers to some of the questions we get asked most frequently about ADISA.
The Asset Disposal and Information Security Alliance (ADISA) underwrites best practices for data security for asset recovery and disposal companies. ADISA certification reflects the highest standards of safety, environmental responsibility and confidentiality in the industry.
ADISA is the only industry-specific accreditation in IT asset disposal. Achieving this accreditation requires meeting a stringent checklist of standards and undergoing regular, unannounced operational and forensic audits by a group of independent UKAS-certified auditors.
2020 and 2019 Computer security awards winner.
The advantages of using an ADISA certified company such as Absolute IT can be summed up as follows:
You can request a free, up to date version of the ADISA standards by clicking here. You can also find out what standards are most relevant to your business by chatting with a certified company. Call 01332 371 989 to find out more.
Well, you’re on the website of one now, so you can call us today to discuss your recycling requirements! Or if you’d like to find a company local to you, you can do so here on the ADISA website using their interactive map. (There are only 41 ADISA members in the UK out of over 800 registered IT recycling companies, giving an idea of the high benchmarks required to achieve ADISA accreditation.)
If the business appears on the ADISA Member’s List of certified companies then yes; if not, no. This is the only way to truly verify an existing ADISA accreditation; be sure to double-check on the official ADISA website.
If you’re already using an ADISA accredited business then probably, yes. However, if they are not certified there is simply no way of knowing. No matter how long a company has been in business and how many glowing reviews they can boast on Google and Facebook, what matters is the standards they follow when handling your company’s sensitive data.
The processes they follow may or not be effective – with no independent set of standards in place you can never be sure.
Again, not really. Even if a company claims to follow ADISA standards, without regular independent auditing in place you can never be fully confident.
A non-ADISA accredited company is unmonitored - essentially a disposal company with no accountability. We’re not suggesting that non-accredited companies are dishonest or unprofessional, any more than an unqualified accountant or financial adviser is necessarily dishonest – but would you trust them with your financial affairs? Probably not.
The same applies to IT asset disposal. ADISA provides the international industry standards that ensure the safe disposal of data and the sustainable recycling of IT components. Without verification that these standards are being met, you are taking a big risk.
Remember that the personal data you hold as Data Controller is your responsibility.
If data is inadequately sanitised and falls into the wrong hands it is your business that will face fines and potential prosecution for GDPR non-compliance, not the recycling company. It is your company that will ultimately be blamed if environmentally toxic IT components find their way to landfill, rather than being responsibly recycled.
At present ADISA is primarily a UK organisation, although it has several members in Canada, the USA and eight EU countries and is moving towards international and European recognition. IT asset recycling is still a fairly new industry, and as such is not yet covered by BSI and ISO standards. This being said, there are no real barriers to ADISA standards being formally recognised by the International Standards Organisation.
The difference at the moment is in auditing practice. ADISA requires twice-yearly assessments and unannounced audits at any time during membership. ISO assessments, on the other hand, are carried out at most annually (some standards are valid for up to 10 years) and by appointment only. There are no unannounced audits. ADISA auditing standards are therefore more stringent than those currently permitted by the ISO accrediting bodies.
Yes, ADISA standards are widely recognised and respected by official bodies in the UK, USA, Canada and the EU. In 2013 the ADISA IT Asset Disposal Standards were recognised by the Defence InfoSec Products Cooperation Group (DIPCOG) - an MoD sponsored forum representing data security specialists from the MoD and CESG.
No. ISO 27001 covers some of the same ground as the ADISA standards but is far broader, governing information security standards in general, rather than IT asset disposal standards in particular. Some ADISA members are also ISO 27001 accredited. ADISA certification is the only accreditation specific to our industry.
The questions discussed on this page are answered in more detail in our free downloadable e-book: The 6 Hidden Dangers of Non-ADISA Accredited IT Recycling, which can be downloaded here. We are also happy to discuss your questions in person. Please call 01332 371 989 or email firstname.lastname@example.org. You can visit the ADISA global website by clicking here.
If you would like to find out more about our services, please get in touch today for a free, no obligation quote. Simply pick up the phone and call us on 01332 291 992, or send us a message through the form on this page.