INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY



Similar documents
Asset Management Ireland (AMI) The secure IT Asset Disposal Company that generates revenue for your business

IT Trading UK Ltd Computer & IT Equipment Disposal Specialists

IT ASSET DISPOSAL ISO ISO Registered Environmental Management. ISO 9001 Registered Quality Management

CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd

Fujitsu Asset Lifecycle Management Services

Secure Mobile Shredding and. Solutions

University of Liverpool

PROCEDURE FOR THE CONDEMNING & DISPOSAL OF EQUIPMENT

MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER

Sustainability and Environmental Review. Introduction

Management of Assets Policy

Sustainable procurement of mobile phone service contract

IT asset disposal for organisations

How To Manage A University Computer System

SCANNING STORAGE SHREDDING WORKFLOW IT RECYCLING.

Grasmere Primary School Asset Management Policy

Samsung WEEE Management Policy (US and Canada)

POLICY AND PROCEDURE FOR THE DISPOSAL OF AN ASSET

How To Destroy Data From A Hard Drive

Shredding. Security. Recycling

Asset Replacement Strategy and Procedure Draft

NHS LEEDS WEST CCG DETAILED SCHEME OF DELEGATION. Version: 3-4 November 2015

COMMERCIAL WASTE SERVICES. sharing responsibility

Waste Management Policy

Information Governance Policy (incorporating IM&T Security)

Essex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion

Rotherham CCG Network Security Policy V2.0

INFORMATION GOVERNANCE POLICY

Designing Closed-loop Supply Chains: Implementation of the WEEE directive in the UK 1

Information Management Policy

DOCUMENTED PROCEDURE MANUAL

Safe management of healthcare waste

Management of Assets Procedure

ENVIRONMENTAL POLICY STATEMENT

IT Asset disposition services

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

COMPUTER & ELECTRONICS DISPOSITION CONTRACT MNSCU CONTRACT #: CST - 125

Vendor Questionnaire. Financial and Commercial Services

Fixed Asset Policy & Procedures

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for:

Information Governance Policy

Asset Management Policy

Palmaris Services Ltd. Corporate Social Responsibility Statement

RECORDS MANAGEMENT POLICY

McGill University IT Asset Management Regulation

E-waste Challenges & Solutions

Service Specification. ICT Support 2014/2015

Area Manager - Head of Operational Policy & Assurance

Big Data Analytics Service Definition G-Cloud 7

Guidelines for Disposal of Goods & Equipment

BUSINESS LEASE CAR POLICY

Senior Governance Manager, North of England. North Tyneside CCG Quality and Safety Committee (01/12/15)

Information Governance Plan

Contact: Environment and Green Technologies Department Phone:

Fixed Asset Policy & Procedures

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

Business Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL:

CENTRALLY MANAGED PROCESS MINIMIZING RISK MAXIMIZING REMARKETING VALUE

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:

Policy Document Control Page

Information retention and disposal guide. Date: 31 October 2014 Version: 2.0

The guidance applies to all records, regardless of the medium in which they are held, including , spreadsheets, databases and paper files.

Plug-In to ecycling Guidelines for Materials Management

Fixed Assets Policy. Control over Assets

BIG LOTTERY FUND Document archive and retention policy

HSCIC Audit of Data Sharing Activities:

Chain of Custody of Forest Based Products - Requirements

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

Information Security Assurance Plan 2015/16

End-of-life vehicles. Information for authorised treatment facilities

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

QSS 0: Products and Services without Bespoke Contracts.

AUDIT & PERFORMANCE REVIEW COMMITTEE ON 26 TH SEPTEMBER 2007

Information Governance Framework and Strategy. November 2014

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September Information Governance Manager

A Guide to Minimizing the Risk of IT Asset Disposition

Mobile Phone and Remote Access Policy

Bloomsbury Colleges Environmental Policy Statement

Transcription:

INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY Version: 1.4 Ratified by: Date Ratified: 14 October 2014 Name of Originator/Author: Name of Responsible Committee/Individual: Date issued: 14 October 2014 Review date: October 2016 Target audience: Information Governance, Records Management and Caldicott Committee Matthew Rawles, Chief Technology Officer, South West Commissioning Support Unit (SWCSU) Information Governance, Records Management and Caldicott Committee Organisation-wide

INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY CONTENTS Section VERSION CONTROL Page 1 INTRODUCTION 1 2 PROCUREMENT OF INFORMATION TECHNOLOGY EQUIPMENT 3 INFORMATION TECHNOLOGY EQUIPMENT DISPOSAL 1 4 STAFF RESPONSIBILITIES 2 5 PURCHASE AND DISPOSAL RECORDS 2 6 REVIEW 2 7 MONITORING COMPLIANCE AND EVALUATION 3 Appendices APPENDIX 1 RicoTech Business Summary 5 APPENDIX 2 RicoTech SLA (Updated March 2013) 9 i 1

INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY VERSION CONTROL Document Status: Final Version: 1.4 DOCUMENT CHANGE HISTORY Version Date Comments 1.0 19 March 2014 Drafted 1.1 25 March 2014 Added appendix with RicoTech documents 1.2 14 April 2014 Added Review & Monitoring Compliance and Evaluation sections, updated 2.4 to include required EoL date. 1.3 August 2014 Policy disseminated to Information Governance Records Management and Caldicott Committee for amendments. 1.4 October 2014 Amendments received from Committee members. Policy amended to reflect changes. Equality Impact Assessment (EIA) Form OR EIA Screening Form completed. Date: Screening Form 14 October 2014 Sponsoring Director: Author(s): Lucy Watson, Director of Quality, Safety and Governance Matthew Rawles, Chief Technology Officer, SWCSU Document Reference: i

ii

INFORMATION TECHNOLOGY EQUIPMENT PROCUREMENT AND DISPOSAL POLICY 1 INTRODUCTION 1.1 The Somerset CCG is committed to ensuring all information technology procurement and disposal complies with the latest version of the Standing Orders, Scheme of Delegation and Standing Financial Instructions Policy. 1.2 This document lays out a procedure for procurement and disposal of information technology equipment. 2 PROCUREMENT OF INFORMATION TECHNOLOGY EQUIPMENT 2.1 Information technology purchases must follow the guidelines set out in the Somerset CCG Standing Orders, Scheme of Delegation and Standing Financial Instructions Policy. 2.2 All purchases must be authorised in accordance with limits of budget authority delegated by the Director of Finance and Performance and Acute Commissioning Directorate. Budget limits are applied electronically to users of Oracle. 2.3 Orders must never be originated and authorised by the same person. 2.4 Information technology will be subject to a rolling upgrade programme which will be determined by the current state of technology and the requirements of the Somerset CCG. An End of Life date will be applied to all new equipment purchases, and stored in the asset register. This will apply to equipment such as: computer monitors and printers computer base units servers purchased for GP surgeries 3 INFORMATION TECHNOLOGY EQUIPMENT DISPOSAL 3.1 Equipment deemed unserviceable must be disposed in compliance with European Commission Directive on Waste Electrical and Electronic Equipment (WEEE) and European Commission Directive on the Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment (RoHS). 3.2 The Somerset CCG use RicoTech Ltd to provide secure disposal of information technology equipment in compliance with European Commission directives. A copy of the RicoTech business summary is included in Appendix A and a copy of RicoTech s SLA is attached in Appendix B. 1

3.3 Equipment disposal must be recorded and amended in the financial asset register as detailed in the Somerset CCG Standing Orders, Scheme of Delegation and Standing Financial Instructions Policy. 4 STAFF RESPONSIBILITIES 4.1 The Director of Quality, Safety and Governance is responsible for ensuring compliance with this policy. 4.2 All staff are required to report unserviceable equipment to the South West Commissioning Support Unit (SWCSU) Information Technology Team based at Wynford House. 5 PURCHASE AND DISPOSAL RECORDS 5.1 All purchase orders must be held in either electronic or paper form with quotations where necessary. Delivery paperwork should be filed with the purchase order. 5.2 Asset numbers or appropriate unique identifiable information should be recorded in the Information Technology Disposal Register. This is held in the SWCSU Information Technology team. All disposal entries should be witnessed and signed to verify correct disposal. 6 REVIEW Process for Review 6.1 In accordance with the Somerset CCG s policy for the Development and Management of Procedural Documents, this policy will be reviewed every two years. 6.2 The Governance Committee will be responsible for monitoring and reporting on review dates and the Director of Quality, Safety and Governance will be responsible for reviewing the policy in accordance with the review arrangements described above. Version Control 6.3 The version control process for this policy will include: a sheet at page (i) of the document demonstrating the version control process which includes document status and current version to be completed by the Author and Sponsor Director the document change history, which will be recorded on this sheet an assigned number to aid tracking and retrieval and this will be evident on the final document before filing or placing on the website; this action will be undertaken by the Corporate Services Manager 2

7 MONITORING COMPLIANCE AND EVALUATION Process for Monitoring Compliance 7.1 A rolling programme will be agreed by those committees approving and ratifying this policy and the Information Governance, Records Management and Caldicott Committee and the Remuneration Committee support the audit programme and policy implementation in practice on a minimum two year cycle. 7.2 The responsible persons for reviewing results and monitoring performance will be the: Director of Quality, Safety and Governance Head of Corporate Governance Key Performance Indicators and Evaluation Criteria 7.3 The Key Performance Indicators/Evaluation Criteria to support the monitoring of compliance and effectiveness of this policy will include: comparing End of Life dates with Disposal dates comparing Asset Register with Disposal reports from Ricotech 3

4

1 SUMMARY OVERVIEW OF RICOTECH FOR THE NHS 1.1 RICOTECH are a highly professional and conscientious company that specialises in the totally secure and environmentally compliant collection, disposal and recycling service for all types of IT and Telecoms equipment. 1.2 RICOTECH have been growing steadily over the past 6 years by providing the highest level of service and guarantees of data processing ensuring that data never has the chance of leaking into the public domain and that their clients meet every rule and guideline of waste management regulations and the WEEE Directive 2013. RICOTECH also ensure full compliance for our clients under the Data Protection Act. 2 ACCREDITATIONS 2.1 RICOTECH are currently in the process of achieving ADISA (Asset Disposal and Information Security Alliance) certification and expect to be fully certified in April 2014. This would make RICOTECH the only ITAD (IT Asset Disposal) company in the South West of England. The ADISA standard is now being used by some sectors of the NHS to help ensure that the company it choses meets the necessary standard. 2.2 Clients that use the exclusive service of RICOTECH include THAMES WATER since 2006, SOUTHERN WATER, WIPRO, Devon and Somerset Fire and Rescue Service and HIGOS Insurance Services. 2.3 Other clients also include many of the largest schools and colleges in Somerset, local and district Councils, large and small legal practices along with all sorts of other businesses. One of the main focuses of RICOTECH is on managing their own internal processes to protect their customers most sensitive data. This is done by tracking every single item that is collected via an electronic bar coded database system. Each item is tracked through a comprehensive process to fully audit, de-tag and to completely destroy any data held. To compliment this, RICOTECH have just completed the development of a new warehouse, specifically designed for the Computer Recycling Business. In 2013, RICOTECH achieved recognition for their business and environmental accreditation via ISO 9001 and ISO 14001. 2.4 As an ISO 9001 and ISO 14001 accredited company, RICOTECH take pride in having solid business processes in place which include Standard Operating Procedures for all its business areas, Staff training records, Health & Safety Policy, Environmental Policy, Complaints handling and Internal Issue Management. 2.5 RICOTECH are an Environment Agency Accredited T11 Treatment Facility for the processing of Computer and Telecoms related WEEE. We are also licenced to transport and store all other sorts of WEEE (Waste 5

Electrical and Electronic Equipment) therefore offering their clients the complete WEEE Collection and Disposal Service. All non IT WEEE is segregated at our warehouse, prior to transporting on for final processing by our chosen Approved Authorised Treatment Facilities who all offer their own world class WEEE material recycling facilities. 3 DATA DESTRUCTION 3.1 Our data destruction facility eliminates all traces of data from PCs, laptops, servers, printers, tablets, Switches, PDAs and much more, meeting industry standards for data sanitisation. Data wiping ensures the maximum amount of equipment can be reused for its original intended purpose, reducing any unnecessary waste. 3.2 This professional data destruction service guarantees your business meets all its legal data protection obligations when disposing of all equipment that might contain data. 3.3 The data destruction process includes pattern wiping via a minimum 7 pass wipe with verification. 3.4 If for any reason a hard drive cannot be accessed, we will remove and physically destroy it by degaussing and then shredding. 4 SECURE COLLECTIONS 4.1 The vehicles we own and use to transport the WEEE are medium and large panel vans which are all fitted with trackers and security which is necessary to protect any data that may be held on any data holding devices including Computer, Laptop or Printer Hard drives as the primary example. 4.2 The fleet of vehicle s that RICOTECH run are all less than 4 years old and are aimed at providing a fast and highly economical service to its customers. Each vehicle can carry between 1 and 1.5 tonnes. 4.3 Recently, RICOTECH were able to respond to a request from an existing customer to provide all of the IT Equipment Logistics services for the UK s largest Water Utility in delivering new and then collecting over 5000 redundant items of IT equipment (Around 70 Tonnes) in the space of three months, with the average journey distance of over 100 miles each way due to the vast estate of the business involved. All targets were met, including many very late requests for providing a next day service. 5 COMPREHENSIVE REPORTING 5.1 The reports that to be supplied will be as follows; IT & Telecoms Equipment Audit Report 6

A full audit report Make, Model, Serial Number, Asset Tag details (if applicable) and unique individual barcode number allocated by RICOTECH for tracking purposes. The report will include an estimate of the weight of the load based upon accurate estimates per individual types of units: Monitors (with CRT being Hazardous), PCs, LAPTOPs, Printers etc. all have different estimated weights Guaranteed Data Destruction Certificate A report detailing the Make, Model, Serial Number, Asset Tag details (if applicable) and unique individual barcode number allocated by RICOTECH of each item that could contain data (Servers, PCs, LAPTOPs, Printers, etc) WEEE Disposal Certificate A report including a summary of all of the equipment on the above reports, confirming that the all of the WEEE has been processed according to the latest WEEE regulations. 5.2 In addition to these reports, RICOTECH will provide the required Waste Transfer Paperwork to cover collections of the waste along with Hazardous Waste Consignment Notes for when a collection contains anything hazardous (CRT monitors). 6 COST NEUTRAL SERVICE 6.1 RICOTECH is able to offer NHS South West Commissioning Support Unit a cost neutral service. This means that RICOTECH will offset any costs incurred through the collection, transportation, processing and reporting of the IT and Telecoms Equipment by maximising the financial returns it gets from processing the equipment through to re-use or recycling. Maintaining a ZERO landfill policy, RICOTECH refurbish the equipment to the highest standard using qualified technicians and then use as many end user channels as possible to enable those who chose to, or are unable to afford new computer equipment. Some of the lower specification equipment is sold in volume, however where ever possible, individual units are sold. Where re-use of an entire unit is not viable, then parts within a unit are always examined and where feasible, are marketed accordingly. Only after this, does the equipment get segregated and then transported for final material recovery, with ZERO of the waste, ending up in landfill. 6.2 Should the NHS South West Commissioning Support Unit need to dispose of unwanted equipment that is less than 3 years old (typically within the manufacturer s warranty period), RICOTECH are able to offer positive returns by using a joint initiative, where the potential value of the equipment is assessed together before RICOTECH re-market the items with an agreed share being returned to the organisation depending on the work involved. 7

7 ADDITIONAL VALUE FUND RAISING OPPORTUNITY 7.1 RICOTECH would like to propose an additional scheme to NHS South West Commissioning Support Unit called DONATE IT. This is a scheme that provides the facility for staff, supporters and any other contacts to donate their personal unwanted but complete LAPTOPs or PCs and in return a financial donation, which is made on behalf of the donator, to any project, charity or other good cause selected by NHS South West Commissioning Support Unit. Various other organisations of the NHS have shown an interest in the scheme. Further information is available at www.donateit.co.uk 8

9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information