Preventing Final Disposition Data Breaches
- Avis Stanley
- 8 years ago
How to Evaluate an ITAD Vendor for Your Organization

By: Jim Kegley, Founder, President and CEO, U.S. Micro Corporation

The IT asset disposition (ITAD) industry finds itself at the unique juncture of two important issues in corporate America that are attracting more scrutiny every year: data security and environmental responsibility. Businesses must secure data to protect customers and their bottom line, while simultaneously protecting the environment to comply with regulations and build goodwill in the community. Without a capable ITAD vendor, they will likely fail to accomplish these goals. The threats of weak ITAD processes to a company's bottom line and reputation are already massive and growing every year.

E-waste is an example of a global news story that companies will spend more time addressing in the years ahead. The U.S. Environmental Protection Agency (EPA) estimates that 438 million new consumer electronics were sold in That same year, 2.37 million tons of electronics were retired, an increase of more than 120 percent compared to According to BCC Research, a market forecasting organization focused on science and technology trends, e-waste will continue growing indefinitely at 8 percent annually.

The scale of the issue is attracting more media interest every year. In January, The Economist reported on global e-waste and estimated that China alone retired 160 million electronic devices in CBS News covers the issue regularly and special interest groups work actively to raise awareness as well. As regulators, elected leaders and environmental groups read more news stories about e-waste, they will naturally begin to ask what U.S. businesses are doing about it, ratcheting up pressure on companies to demonstrate their commitment to the environment.

Data Breaches are Threatening More Companies

As important as protecting the environment is, data security, or the lack thereof, makes damaging headlines more often.
The past few years have seen a steady stream of high profile breaches. In 2009, 57 BlueCross BlueShield of Tennessee hard drives containing data on over one million people were stolen from a storage closet. As a result, the company has paid more than $18 million in costs associated with the breach, including forensic fees to determine what was on the hard drives and identity theft protection for the impacted individuals. In 2012, NASA suffered a data breach when an employee's laptop containing personal information on over 10,000 employees was stolen from a car. This past January, Global Payments Inc. announced that its April 2012 data breach, which affected an estimated 1.5 million payment cards in North America, cost the company $93.9 million. The list goes on.

ITAK V8 I3

Such statistics and data breach examples are likely not surprising to the average ITAK Magazine reader. The vast majority of corporate executives who handle end-of-life ITAD issues for their company are well aware of how unforgiving mistakes can be, both financially and for their company's reputation. What is less clear to them, however, is whether their company has the right process in place to protect against unsafe industry practices. What is the best method of destroying data on hard drives? Is it okay if an ITAD vendor uses downstream vendors to process e-waste? The answers to these questions are much more controversial than they should be.

What the industry lacks are standardized practices to ensure that the environment is protected and data breaches do not occur. The two main certifications governing IT asset disposition, R2 and e-Stewards, have made important steps in that direction, but the industry still has a long way to go. In order to identify areas that need improvement and measure future progress, it is helpful to understand how and why standards vary between certifications. Knowing how the R2 and e-Stewards certifications are different means going back to their origin and the divergence that resulted in two certifications instead of one.

History of R2 and e-Stewards

The R2 Standard, or R2, began in 2006 as an effort to create best practices in the electronics recycling industry. Various stakeholder groups, including regulators, electronics recyclers, refurbishers, trade associations and Original Equipment Manufacturers (OEMs) developed the standards, which were the first of their kind. The EPA provided funding to facilitate the development of R2, and in 2010 R2 Solutions was formed to officially administer the certification, the most widely accepted accreditation among IT recyclers.
In 2010, e-Stewards came into existence after the Basel Action Network (BAN), an environmental justice organization focused on protecting developing countries from e-waste, decided not to participate in the final development stages of the R2 standards. They withdrew after two years over disagreements about export rules. BAN wanted to prohibit the export of e-waste to other countries, regardless of whether it was processed in accordance with R2 standards. BAN would go on to form e-Stewards.

In an industry that lacked adequate regulations to protect the environment and human health, the certifications were an important step forward. Both have the support of different recyclers and are accredited by the ANSI-ASQ National Accreditation Board (ANAB).

Where R2 and e-Stewards Diverge

The main difference between the two certifications is e-Stewards' ban on the export of e-waste to developing countries. R2 does not support this ban, instead requiring due diligence to verify that downstream vendors handle e-waste according to R2 standards. Under e-Stewards, sending equipment to an audited and responsible overseas recycling facility for processing would not be allowed. Critics argue that through this policy e-Stewards is actually harming the development of proper recycling in developing countries.

This argument is a serious one. According to reporting in The Economist, a quarter of the world's e-waste is produced by developing countries. As early as 2018, developing countries could overtake wealthier nations in the amount of e-waste they produce. These countries need to be building the infrastructure and developing the expertise to refurbish or recycle their own retired electronics.

With Proper Oversight, Foreign Recycling Can Work

The process for recycling plastic bottles is an example of how foreign countries can play a positive role in the recycling industry. Local governments in the U.S., for example, often send plastic bottles to foreign countries, such as China, to be processed. Companies in these countries then use the items to manufacture new materials and products that may end up being exported back to the U.S. As long as there is oversight of the process and the recyclers are legitimate, IT equipment could be recycled in a similar way.

Health and Safety Standards and Data Security

Other differences between the two certifications include how they deal with the management of certified companies' environmental processes and impact. R2 allows recyclers to choose among ISO 14001, OHSAS 18001, RIOS and other standards. In contrast, e-Stewards delineates specific minimum requirements related to such things as air quality and CRT processing. Additionally, R2 allows individual facilities to be certified, whereas e-Stewards requires that all locations of a company be certified within 18 months of the first site certification.

Although protecting data is addressed by both certifications, they primarily recommend adherence to other national standards, such as the National Institute of Standards and Technology (NIST) guidelines for data sanitization. Because R2 and e-Stewards began primarily as an effort to deal with e-scrap, neither has produced best practices stringent enough to sufficiently protect against data breaches. Yet, by requiring adherence to the NIST guidelines, they seem to suggest that doing so is sufficient to protect data.

Evaluating Vendors Based on Certifications

Even though certifications have helped to establish baseline standards for the industry, the lack of a certification should not automatically disqualify a vendor.
OEMs such as HP, Dell and IBM, for example, are not certified by R2 or e-Stewards, but are known to have high standards and a good reputation in the recycling industry. However, these companies generally rely on certified recycling partners to conduct recycling activities on their behalf. These partners are increasingly qualified by the R2 or e-Stewards designation.

Some companies may choose not to be certified because their own internal standards are even more stringent than R2 and e-Stewards. For example, consider a company's policy on shredding hard drives. Since some hard drives, such as solid-state drives (SSDs), cannot be completely wiped of data, some organizations opt to destroy and recycle devices as an extra precaution. The challenge these companies face is proving adherence to a credible, third party standard. To demonstrate a higher standard, companies can pursue third party designations other than R2 and e-Stewards, such as a Service Organization Controls (SOC) report offered by the American Institute of CPAs (AICPA).

Lack of certification does not mean a vendor should be disqualified, and the converse is also true: certifications do not guarantee that IT equipment is handled in the safest and most environmentally responsible manner.

Know Your ITAD Vendor

The old adage "buyers beware" applies to the process of shopping for an ITAD vendor. R2 and e-Stewards set important minimum standards for disposition, but companies should perform their own due diligence to ensure their retired assets are being processed according to the highest standards. Companies do not generally set out to find an adequate ITAD vendor that meets minimum regulatory and certification standards. They want excellent vendors that have the processes and capability to protect their bottom line and reputation. However, that means vetting a vendor thoroughly. The stakes are too high to risk a mistake.
The solution is to know a potential ITAD vendor's processes before entrusting them with your assets. This should include a visit to their facilities to test whether their physical infrastructure and internal processes can deliver the services they promise.

How to Evaluate an ITAD Vendor

When evaluating a vendor, ask questions that go beyond whether they adhere to a particular certification. For example, certifications do not address whether companies can use subcontractors to pick up equipment, engage third parties to actually process e-waste, or ship unencrypted data-bearing devices without first sanitizing them. Below are three main areas for consideration:

Data security: Know your vendor, visit its facility and ask if it uses subcontractors. Understand its process for destroying data. The risk of data ending up in the wrong hands is reduced when data is destroyed before shipping devices offsite. If data remains on hard drives or other devices that are transported, there is greater risk of loss or theft. The vendor should provide verification that all unencrypted data has been wiped prior to shipment.

The environment: Technology assets contain pounds of toxic materials and chemicals, from lead and mercury to flame retardants. If companies do not have the capability to process IT assets internally, including demanufacturing them into base commodities for resale, then they must rely on third parties that may not have adequate environmental controls to ensure proper recycling. To retain control and eliminate reliance on multiple vendors, look for a partner that has the infrastructure in-house to refurbish or process e-waste. Schedule a visit with your vendor to see its facilities firsthand.

Third party audits: Consider other third party audits besides those required by e-Stewards and R2. For example, in addition to R2 certification, U.S. Micro Corporation recently achieved the American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) 2, Type II designation. As part of this audit, independent auditors evaluated and tested various controls at U.S. Micro, including those related to data elimination; information security; disposition; electronic inventory counts; human resources; IT change management; information systems operations; and other controls.

The Proper Role of Certifications

The R2 and e-Stewards certifications are competitors and each one is seeking to achieve the upper hand as the industry standard for proper recycling. This is not surprising given the growing global concern over e-waste and the attention regulators will increasingly place on its proper disposal.
However, minor schisms between the two certifying bodies do not diminish the importance of the standards that they have set for the industry. While some in the ITAD industry bemoan the lack of a unified standard and wonder if R2 and e-Stewards will join to offer one certification in the future, even that would not absolve companies of the responsibility to perform their own research when selecting a vendor, especially how they protect against data breaches. It is up to executives to carefully choose a vendor that sets standards higher than the certifying bodies. Investing the time to find the right vendor will make an organization more secure and a better steward of the environment, and also keep it out of unwanted data breach and e-waste headlines.
More informationDell Service Description
Dell Service Description IT Asset Donation - EMEA Introduction Dell is pleased to provide Asset Resale and Recycling Services (the Service(s) ) in accordance with this service description (the Service
More informationCOMPUTER & ELECTRONICS DISPOSITION CONTRACT MNSCU CONTRACT #: CST - 125
Minnesota State Colleges & Universities and Asset Recovery Corporation COMPUTER & ELECTRONICS DISPOSITION CONTRACT MNSCU CONTRACT #: CST - 125 CONTRACT EFFECTIVE UNTIL: SEPTEMBER 15, 2014 http://www.finance.mnscu.edu/contracts-purchasing/collaborative/index.html
More informationFrom Chaos to Clarity: Embedding Security into the SDLC
From Chaos to Clarity: Embedding Security into the SDLC Felicia Nicastro Security Testing Services Practice SQS USA Session Description This session will focus on the security testing requirements which
More informationStandards of. Conduct. Important Phone Number for Reporting Violations
Standards of Conduct It is the policy of Security Health Plan that all its business be conducted honestly, ethically, and with integrity. Security Health Plan s relationships with members, hospitals, clinics,
More informationISOs: THE SECRET TO REDUCING IT MAINTENANCE COSTS
ISOs: THE SECRET TO REDUCING IT MAINTENANCE COSTS The Challenges of Sustaining IT Infrastructure Chances are that your company s IT infrastructure has evolved significantly over the last three to five
More informationData Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015
Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security
More informationMobile Network Operators and the Used Mobile Device Market: SAFELY CAPTURING VALUE WITH ADVANCED DATA ERASURE
Mobile Network Operators and the Used Mobile Device Market: SAFELY CAPTURING VALUE WITH ADVANCED DATA ERASURE Blancco White Paper Published 21 February 2014 Table of contents Introduction...3 Drivers for
More informationInformation for Management of a Service Organization
Information for Management of a Service Organization Copyright 2011 American Institute of Certified Public Accountants, Inc. New York, NY 10036-8775 All rights reserved. For information about the procedure
More informationJune 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers
John Keel, CPA State Auditor An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers Report No. 08-038 An Audit Report on The Department of Information
More informationThe APA Application Process. Intercompany Transfer Pricing
Income Tax Planning Insights The APA Application Process and Intercompany Transfer Price Considerations Robert F. Reilly, CPA Domestic taxpayer corporations that transfer tangible property (e.g., inventory),
More informationSecurity Control Standard
Security Standard The security and risk management baseline for the lottery sector worldwide Updated by the WLA Security and Risk Management Committee V1.0, November 2006 The WLA Security Standard is the
More informationHere are some hazardous wastes commonly generated by the marina industry:
Important Note: The following text is excerpted directly from the New York State Department of Environmental Conservation s publication, Environmental Compliance, Pollution Prevention, and Self Assessment
More informationBOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS
BOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS Shannon Phillips Jr. Independent Bankers Association of Texas 1700 Rio Grande Street Austin, Texas 78701 sphillips@ibat.org 512.275.2221
More informationCloud Computing: Implications and Guidelines for Records Management in Kentucky State Government
Cloud Computing: Implications and Guidelines for Records Management in Kentucky State Government (Version 1.0 August 2012) Many information technology (IT) departments and resource allocators are considering
More informationINFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY
INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY Version: 1.4 Ratified by: Date Ratified: 14 October 2014 Name of Originator/Author: Name of Responsible Committee/Individual: Date issued:
More informationOECD GUIDELINES FOR PENSION FUND GOVERNANCE
OECD GUIDELINES FOR PENSION FUND GOVERNANCE These Guidelines were approved by the Working Party on Private Pensions on 5 June 2009. OECD GUIDELINES FOR PENSION FUND GOVERNANCE 1 I. GOVERNANCE STRUCTURE
More information6-8065 Payment Card Industry Compliance
0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationClean, Crisp Water Bottled Water Versus Tap Water
Clean, Crisp Water Bottled Water Versus Tap Water Bottled water is a popular beverage around the world, and consumption has grown steadily in recent years. However, even with its steady growth and popularity,
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationSafer food supply chains why assessments are great news for your business
Safer food supply chains why assessments are great news for your business Article By Vel Pillay, a food safety expert for LRQA America; and Cor Groenveld, Global Food Product Manager of LRQA and chairman
More informationHIPAA Security Risk Analysis for Meaningful Use
HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA
More informationManaging data security and privacy risk of third-party vendors
Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected
More informationQuality Management System Manual
Quality Management System Manual This manual has been reviewed and approved for use by: Jack Zazulak President, Aurora Machine Limited March 07, 2011 Date - Copyright Notice - This document is the exclusive
More informationEmpowering Sustainability in Logistics
Empowering Sustainability in Logistics Building a Responsible Partnership for a Green Supply Chain Sustainability is now part of the supply chain lexicon or should be If mismanaged, supply chain decisions
More informationShredding. Security. Recycling
Shredding Security Recycling WHO WE ARE PHS Datashred has the knowledge, capability and experience to ensure the safe and secure disposal of your confidential material. Trusted by over a third of FTSE
More informationELEPHANT TALK COMMUNICATIONS CORP. FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY
ELEPHANT TALK COMMUNICATIONS CORP. FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY I. POLICY STATEMENT This Foreign Corrupt Practices Act Compliancy Policy (the Policy ) has been adopted by Elephant Talk
More informationII. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight
Compliance Management System Introduction Financial institutions operate in a dynamic environment influenced by industry consolidation, convergence of financial services, emerging technology, and market
More information2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP
2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf
More information