We are thrilled to announce that we have received the highest possible level of certification for our data sanitisation services. We have recently been audited against ADISA ICT Asset Recovery Standard 8.0 and have achieved a DIAL 3 with Distinction pass – only the third ITAD company in the UK to do so.
Launched in 2010, ADISA Certification Limited is the world’s leading certification body for companies that offer data sanitisation and data protection services and products. In 2021, ADISA Standard 8.0 was formally approved by the ICO as a UK GDPR Certification Scheme and the certification process was subsequently approved by the UK Accreditation Service (UKAS) in August 2022.
This certification ensures that any organisation coming to us for data destruction and sanitisation services will be fully UK GDPR compliant – and DIAL 3 means we can handle the most sensitive data types, such as global primary corporate clients, government departments, company employee or business data, the NHS and the Ministry of Defence.
And to say we are delighted is an understatement – here’s what Phil, our Managing Director, had to say; “The ADISA certification is a huge step for us, providing assurance to all our customers, past, present and future, that our data sanitisation solutions are compliant with the most rigorous industry standards.”
The New ADISA Standard 8.0 and DIAL Rating
In August 2022, ADISA completed a three-year process to achieve UK GDPR Certification Scheme status for ADISA Standard 8.0. This enables the data controller and Asset Disposal (the data processor) to manage the asset recovery process to a set standard. In short, organisations using our services are compliant by law.
DIAL, which stands for Data Impact Assurance Levels, is a framework for assessing risk to an organisation or business, based on answers to five questions. Once a DIAL rating has been determined, a bespoke service plan can be built which uniquely matches an organisation’s requirements.
The five questions will determine the following:
The size of the threat to your organisation; your appetite for risk; the categories and types of data required to be processed; the volume of the data; and ultimately, the impact of a data breach on your organisation or business.
The Threat – who are you protecting your data from? At the high end this may be government sponsored organisations using sophisticated techniques; at the low end opportunists mounting unsophisticated attacks.
Appetite for Risk – this questions an organisation’s tolerance to risk. For instance, a low tolerance would see an organisation or business taking on additional risk treatments to ensure all results lead to no further actions or risk treatments. A high tolerance would opt for the most cost-effective risk management approach, knowing that additional risk treatments are available.
Categories and types of data – this refers to the type of data you need to be processed. At the high end this could be personal and corporate data, including data relating to criminal convictions or corporate secrets, while at the low end this is non-confidential data which may already be in the public domain. This helps companies like us place a value on the data being processed.
Volume of data – this refers to the scale of data which needs processing. At the low end this would be a known number of data carrying media which are being disposed of and which contain a total of under 10Tb of overall capacity and storage. And the high end, this would be an unknown number of data carrying media.
The impact of a data breach on an organisation or business – as the data controller, you would need to assess the impact any data breach might have on your organisation or business. At the low end a data breach might lead to some adverse press coverage and damage to a brand’s reputation. At the high end, this may involve legal action by data subjects and regulatory action which in turn could lead to share price impact and erosion of any competitive advantage.
Steve Mellings, founder and CEO of ADISA said this about the certification; “I’m delighted for all at Asset Disposal on achieving this significant landmark for their business and their customers. The audit process is extremely thorough, the commitment and application shown by the Asset Disposal team has been of the highest order.”
We’ll hand back to Phil for the final word; “This award is the latest in a series of certifications, including ISO 9001, 14001 and 27001, as well as our Cyber Essentials accreditation, all of which highlight the high standards we set ourselves.
“This particular certification demonstrates our ongoing commitment to maintaining the highest standards when dealing with sensitive data.
“The process has been a fairly lengthy one, so I just want to say a huge thank you to everybody involved. It was well worth the effort.”
For more information about our data sanitisation and destruction services, click here.