Author Archives: Castaway Tech

i-SIGMA Renews Castaway Technologies’ NAID AAA Certification

The Castaway Team did it again!  i-SIGMA, the leading global trade organization and credentialing body for information security, just recertified Castaway Technologies with its NAID AAA Certification. This designation is the “gold standard” in data destruction qualifications and best practices.

Unannounced, comprehensive audits of our facilities and work practices by i-SIGMA representatives demonstrated Castaway’s full compliance with all critical aspects of safe hardware handling and data security. Following the latest audit, our NAID AAA Certification was forthrightly renewed.

Team Shout Out

This quality control accomplishment is the direct result of our employees’ efforts to maintain industry-specified best practices in data destruction and electronics recycling. It’s important to recognize that continuous training, conscientiously following best practices and employee accountability need to be exercised daily for an organization to receive the NAID AAA Certified credential.

We are extremely grateful to every Castaway team member for their crucial role and hard work in helping our firm remain New England’s leader in secure IT Asset Disposition (ITAD) services.

To be quite frank, the qualification requirements are extremely rigorous and demanding! But the reality is, if these stringent rules were followed by every business in the data handling and destruction industry, fewer data breaches would occur and identity theft risk would be greatly reduced. Fortunately, the NAID AAA Certification is your assurance of working with a safe and reputable electronics recycler and ITAD service provider.

What NAID AAA Certification Means for You

Global and national data protection regulations require many types of businesses to perform initial due diligence and continuous monitoring of data destruction service providers. Requiring NAID AAA Certification® of your data destruction service providers fulfills your organization’s regulatory obligation.

NAID AAA Certification requirements are designed specifically to verify & monitor regulatory compliance and security best practices so you can relax knowing the Castaway team has you covered.

More About NAID

NAID, a division of i-SIGMA, is the recognized standards-setting organization for the information destruction industry. Their rigorous standards and auditing process support businesses and institutions around the world by helping them comply with the laws and regulations that mandate the protection and confidentiality of customer information.

Castaway Technologies is pleased to partner with NAID so that our clients can rest assured of their regulatory compliance for every IT asset entrusted to our care for data destruction and recycling.

If you have questions about the security of the data on your offline or discarded electronics, contact us online or call to speak with an ITAD expert today at (978) 208-4730.

HIPAA Compliance: Not A Choice, It’s the Law!

Most people don’t like others snooping around in their personal information. That includes their healthcare information. Because of the Health Insurance Portability and Accountability Act (HIPAA), people in the business of healthcare especially don’t want anybody intruding on their patient data.

Businesses must comply with the HIPAA rules governing handling and protecting the privacy of healthcare Patient Health Information, whether in physical (PHI) or digital (ePHI) format. The penalties for violating HIPAA laws can be quite severe. This applies to actions by your company, its employees and partners, as well as the inappropriate use and disposal of equipment used to process patient information, such as printers, faxes, and scanners.

HIPAA and PHI/ePHI

Most people have heard of HIPAA. Whenever you go to your doctor, you need to provide your patient and insurance information for further care. This requires informing you of your privacy rights and how the practice will use this information, such as storing it in an Electronic Health Records system so it will be protected and available to the practitioners delivering health services.

The origin of HIPAA lies in the 1996 law that allows workers to carry forward their insurance and healthcare rights when they change jobs. Since then, HIPAA has evolved to be a far more comprehensive law. According to Stellar Data Recovery, the Privacy Rule of HIPAA marks all individually identifiable health information as protected health information. PHI includes, but is not limited to the following:

  • All demographic data
  • Common identifiers like name, address, social security number, etc.
  • All past, present, and future information related to the physical and mental health condition of an individual
  • Healthcare provision available to an individual
  • Past, present, and future payment for the healthcare provisions

Ignorance Is Risk

Every day, PHI data is at risk of being accessed by people who should not have access. Typically, these breaches are for financial gain. Ransomware attacks, where hackers hold health care facilities hostage until they are paid a ransom, and other types of security breaches have been increasing every year. The HIPAA Journal reported that in 2009, there were 18 breaches of over 500 records. This number increased to 642 in 2020 (1.76 per day), including:

  • Hacking/IT incidents with malware – 429
  • Unauthorized access/disclosures consisting of employee errors, negligence, acts by malicious insiders – 143
  • Loss/Theft of PHI and unencrypted ePHI – 54
  • Improper disposal of PHI/ePHI – 16

Even accidental incidents can expose your company to risk. For example, in 2019, an eye doctor practice discovered historic records of its patients had been discarded in a dumpster instead of being securely destroyed. This affected 7,983 patients. The records contained information such as names, addresses, dates of birth, Social Security numbers, clinical information, and billing information related to patients who visited the practice between 1997 and 2003. Fortunately, with the help of law enforcement, the practice was able to quickly respond and determine that it was unlikely that any third party had access to the information.

Ignorance offers no protection from HIPAA violation penalties which can be severe with multi-million-dollar fines, ranging from Tier 1 to Tier 4:

  • Tier 1 – unaware of HIPAA violation ($100 – $50,000/violation)
  • Tier 2 – reasonable cause company knew about violation ($1,000 – $50,000/violation)
  • Tier 3 – Willful neglect with correction within 30 days of discovery ($10,000 – $50,000/violation)
  • Tier 4 – Willful neglect of rules and no effort to remedy within 30 days of discovery ($50,000/violation)

How can you Protect Your Business and Data?

It is crucial for any organization that administers healthcare information (think of your own HR department) to protect PHI/ePHI data by continually training employees, updating threat detection technology, and implementing effective protection policies and procedures.

The best practice is to implement policies and procedures that keep you in full regulatory compliance. An expert in IT Asset Disposition (ITAD) processes such as Castaway Technologies can assist you in ensuring that your business will pass an independent audit by managing and recording everything critical to proper electronics disposal including:

  • Chain of Custody
  • Certification of proper E-Waste disposal
  • Serialized Inventory Audits
  • Detailed Data Destruction Records
  • Transfer of Ownership

Castaway can cost-effectively remove and document all of your retired data-bearing assets according to HIPAA regulations. You’ll be assured that disposal is safe, secure and compliant. And importantly, you’ll have accurate documentation for every IT asset handling and disposal requirement.

For further information about HIPAA compliance in matters concerning your offline electronic assets, contact us online or give us a call at (978) 208-4730.

Could Your Discarded Printer Leak Proprietary Data?

Absolutely! In fact, scenarios like the following are relatively common: A growing company bought a used, high quality color printer at a bargain price from a used equipment outlet. It was quickly installed and running fine on the company’s network.

When an IT staff member decided to configure the printer to receive documents from another facility, she discovered that there were network connections and emails saved in the printer’s memory. Documents that had previously been saved to the printer’s disk drive were also still in its internal storage.

Apparently, the previous owner had simply disposed of the printer by selling or trading it in to the office supply store without properly ensuring that any lingering data was wiped off. Coincidentally, the printer’s original owner was a key competitor of the new owner. Clearly the proprietary data left on that printer was at risk.

Why Printers Can Put Data at Risk

As innocent and “dumb” as your office printer may seem to be, it’s actually quite sophisticated in its ability to manage, receive and send data because of a few key components:

  • Volatile (RAM) and non-volatile memory
  • Disk storage
  • Network connection

Today’s printers contain memory and other storage (e.g., disk drive) to manage all sorts of information transactions such as printing, faxing, scanning and emailing.

Convenience Can Add Risk

Earlier generation printers used only volatile RAM memory which does not continue to store data when the power is turned off. Today’s non-volatile “flash” memory and disk storage retain data until it is overwritten – even when the power is shut off. For a user, this can be beneficial to print a previously printed document or access previously stored documents, scans, print logs, fax logs, network connections and recipient emails. Depending on the amount of memory and disk space in the printer, some of the information may persist on the printer for days or even weeks before being overwritten.

Because printers can be configured to connect to a network, users can easily send and receive documents between multiple locations and recipients. Unfortunately, any network connection can also open the printer to potential external threats such as malware, particularly when the printer security is not properly configured.

Security research firm Quocirca noted, “For many organizations, their cyber-attack surface area is increasing as connected Internet of Things (IoT) endpoints proliferate. These include both legacy and the new breed of smart printers and multifunction printers (MFPs).” Malware that is inserted on a printer presents a risk not only to the company that currently owns the printer, but also to a future owner when the printer is disposed of improperly.

Proper Printer Disposal

When a printer is deemed at its end-of-life (EOL), some companies simply disconnect it and sell it, or dispose of it like any other trash. Unfortunately, the risk of data loss from a printer is just as great as from other computing devices such as desktops, laptops, tablets, and phones, especially when they are not properly decommissioned.

To reduce risk and meet certification compliance requirements for your industry, your printer’s media (memory, disks) should be sanitized before chain of custody (ownership) transfers from your company to wherever the printer goes, such as a sale to another company or person, a donation to a charity or permanent disposal.

Destroying or Sanitizing Your Printer

There are multiple technologies available today that claim to be capable of cleaning your printer of all data. Let’s take a look at these to help you determine the best approach to ensure there is no risk to your organization when disposing of your printers.

Shredding physically destroys the hardware reducing it to small e-waste pieces that are unusable. Remember, because shredding typically must be handled offsite, while the printer components are in transit to be shredded, your data is still at risk so it’s crucial to use a trusted, certified vendor. Look for the NAID AAA Certification to find the best qualified vendor.

Degaussing demagnetizes magnetic media and thereby destroys the data stored on it. But this technology also has its limitations: it cannot effectively sanitize all storage media, notably flash memory devices and solid-state drives, which do not store data magnetically.

Data-bearing Asset Disposition

As a leader in IT Asset Disposition (ITAD), Castaway Technologies recommends data erasure as the best practice. This technology, also referred to as “data wiping,” overwrites the existing data without destroying the device itself. Unique binary patterns are applied to essentially mutilate the data making it meaningless. This technique sanitizes hard drives, solid-state drives, and any other media without generating any e-waste.

Castaway focuses on the protection and safe destruction of all confidential, proprietary and personally identifiable information (PII) associated with IT assets that have reached the end of the IT lifecycle, including printers. Its CastTRAC service makes it a priority to ensure all IT assets are accounted for, data is eradicated, risks are mitigated and compliance standards are met. In the event of a breach incident or audit, CastTRAC provides 3rd party validation, chain-of-custody documentation, detailed disposal records and industry certifications.

For further information about how you can safely dispose of your printers and other electronic devices, contact us online or just give us a call at (978) 208-4730.

Castaway Partners with Morgan Records Management

We’re pleased to announce a new partnership to expand our services, now providing secure document scanning and shredding. The following press release was recently published and distributed on PRlog.org.

FOR IMMEDIATE RELEASE

Morgan Records Management Partners with Castaway Technologies to Provide Secure Document Destruction

Lawrence, Massachusetts – September 24, 2020:  Castaway Technologies announced today that Morgan Records Management, based in Manchester, NH, has become a partner to provide secure data destruction for organizations disposing of corporate and personal documents and paper records.

Cameron Deery, President of Castaway Technologies, stated, “This partnership closes the loop for totally secure data destruction across all media, including paper. Our clients can have full confidence in our collaboration with another NAID AAA certified company like Morgan Records Management.” Morgan brings to the partnership expertise in paper medical record and document compliance, scanning, storage, and shredding, which directly complements Castaway’s managed IT Asset Disposition (MiTAD) services for the proper protection, handling and disposal of data bearing assets and other electronic equipment. A Morgan representative stated, “Morgan Records Management is a leading service provider for document scanning, storage and destruction. As a nationwide full-service solution company, we increase the efficiencies of businesses while reducing their costs. Partners like Castaway Technologies allow us to increase those efficiencies while providing top quality service.”

Both companies are among a handful of data destruction service providers in the Northeast that have earned the coveted AAA Certification industry credential awarded by NAID® (National Association for Information Destruction), which sets the standards for best practices in the ITAD industry. As published on the official NAID® website, “NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive scheduled and unannounced audit program. This rigorous process supports the needs of organizations around the world by helping them meet numerous laws and regulations requiring the protection of confidential customer information…”

Announcing Castaway’s Cast-in-Box Service!

Secure IT Asset Disposition and Electronics Recycling Now Convenient from Anywhere!

In this era of change brought on by the COVID-19 pandemic, employees working from home with company-owned and personal IT assets bring more challenges to secure data destruction, hardware recycling and disposal. When the vast majority of people worked at company sites, gathering and keeping electronics in one secure location for pick-up by ITAD vendors and recyclers was simple. The situation drastically changed over the course of one month – March 2020 – and now we find ourselves in a different working world.

Fully Secure Remote ITAD Service

Just how do you provide a secure way for all these people spread around your state or the whole country to remove and safely dispose of desktops, laptops, tablets, phones and other data carrying devices? For Castaway Technologies, it’s to ship and deliver specially designed and digitally tracked box containers to clients for simple, easy disposal.

You, your staff and any remote employees just cast their retired devices into specially supplied recycling containers and securely ship them back to our Massachusetts facilities for fully certified and documented processing. Our new service covers all 50 states!

Castaway’s innovative Cast-in-Box program greatly simplifies comprehensive ITAD services in the age of social distancing and working from home. All electronics & IT assets are collected and shipped back easily and safely. All data is securely destroyed and all materials are properly recycled. We offer over a dozen different flat rate box/container sizes depending on your specific needs, shipped flat and complete with a paid return mailing label.

Easy as Using a Hopper

What’s easier than tossing something away and forgetting about it? Not much, and that’s how easy we’ve made Cast-in-Box for our clients! We supply the right-sized shipping containers to your facilities or the homes of remote employees. All your people do is fill the box with disposable/recyclable electronics, apply the pre-paid supplied shipping label and send it back to us via UPS or USPS. It’s that simple. Just cast it in a box and we’ll do the rest!

Safe, Secure and Tracked

As always, you’ll receive fully certified data destruction documentation for the contents of every Cast-in-Box container you send back for processing. Because Castaway is a NAID AAA certified ITAD provider, you can be assured of the security and safety of our program. It’s fully transparent, trackable and documented for your organization’s protection.

Do you need Cast-in-Box boxes to make your electronics recycling easier?

For details about this convenient service or to order boxes, please call Jay Marchand at (978) 208-4730 or contact us online.

Your ITAD Safety and Compliance Continue to be Essential

Data and Hardware Security – Now More than Ever!

As we work our way through the pandemic crisis, one thing is certain: IT Asset maintenance and disposition remains critical to our IT security infrastructure. ITAD requirements are not going away. They remain essential to data security and safety compliance for virtually all organizations. The operations of our country’s SMBs and corporate enterprises depend on it. But how can business stakeholders continue to follow proper ITAD procedures with downsized staffs and uncertain revenue streams? The solution is to secure your assets safely now while planning for the future.

Why is ITAD Critical Right Now?

“The global Covid-19 health crisis has affected all of us. One of the impacts we see with most of our customers is a very sudden shift to remote work, regardless of the organizational and infrastructural readiness. We realize this is imposing significant pressure on IT departments around the globe”, noted Lansweeper.

The International Association of Information Technology Asset Managers (ITAM) recently noted, “If you’re sending employees home to work in response to the Coronavirus, then you need an IT Asset Disposition service or partner to provide you with an efficient and sustainable plan.” You will need help with work-from-home resources and supply chain interruptions. In both these cases, managing the logistics for continued productivity are core competencies for ITAD professionals.

Corporate strategic plans need to change. Wistek comments, “Most large organizations will have pandemics or ‘Acts of God’ on their risk registers, yet the chances that they have an off-the-shelf action plan which will facilitate the immediate working from home for nearly all employees is unlikely.” No matter the size of your business, you should work with an ITAD professional who can help you secure your IT assets whether you are furnishing your employees with remote devices or protecting your onsite hardware and networks.

Use a Certified ITAD Service Provider

Castaway Technologies has been designated an “essential” service provider and holds the highest industry credentials – NAID AAA Certification. We are part of the critical IT infrastructure, remain open for business and are fully operational while following new health and safety protocols. We take this important role in the IT critical infrastructure supply chain very seriously and are working hard to maintain full service for our clients.

Always looking ahead, we have been prepared for a major disruption like this pandemic because we give priority to our ability to adapt, respond and always follow the latest best practices.

Our staff is qualified, trained and ready to perform services on- or off-site for you. We follow federal and state guidelines, including social distancing, surface sanitation, personal mitigation measures and health monitoring, as well as implementing new protocols and safeguards at client premises. We are flexible to address any of your concerns and will comply with special requirements asked of us to maintain safe work practices. Wherever possible, we are using technology to communicate in real-time with our entire team.

New Facilities for Improved Logistics

As previously announced, in order to improve logistics and our ability to respond to your ITAD service needs, we recently moved to a renovated facility at 637 Andover Street, Lawrence, MA. Being right off Interstate 93 on the main road going into Lawrence, this location provides secure space for additional growth and easier access for our customers, vendors and staff.

If you have questions about your ITAD services during this pandemic and through the recovery, or would like help with strategic planning for post-pandemic ITAD best practices, give us a call to review and improve your systems and processes at (978) 208-4730.

COVID-19 UPDATE

Castaway Technologies remains open for business and fully operational. We play an important role in the IT and data center critical infrastructure supply chain and are working hard to maintain full service for our clients.

Castaway adheres to all government regulations and public health guidelines to facilitate appropriate social distancing and protection for our employees and clients. We have implemented new protocols and safeguards within our facilities and at client premises. We are flexible to our clients’ needs and will comply with any special requirements asked of us to maintain safe work practices.

Thank you for your support and understanding during this time. While some delays may be experienced because of new requirements and protocols, the safe, secure and environmentally responsible processing of all equipment and material received will be as thorough and meticulous as ever.

Feel free to call or email us anytime. We’re here answering questions and service requests as always.

Please stay strong, safe and healthy!

Securing IT Hardware Assets – An Opportunity for MSPs

Differentiation in Managed IT Service Businesses

Companies – whether small, medium, or large – are experiencing continuous pressure for change in computing resources. Software is changing from proprietary solutions to open source, and hardware architecture is rapidly moving to the cloud for convenience and performance. C-level executives are looking for ways to remain competitive while limiting security risks.

While Managed Service Providers (MSPs) are positioned to provide this advice, most are focused on traditional IT services and underestimate the IT Asset Disposition (ITAD) compliance requirements that companies now face. This gives an advantage to those IT advisors who are well-informed and proactive in seizing the growing opportunity to partner on comprehensive ITAD services, truly closing the professional IT services loop.

Growing IT Hardware Security Risks

The growing number of computer hardware devices approaching end-of-life combined with not knowing how to appropriately dispose of them is becoming a huge risk to companies and their IT staff and service providers. ITAD is still a relatively new and emerging industry that was created out of necessity in the era of ever-tightening data security requirements.

Unfortunately, ITAD has not been the focus of most IT professionals tasked with managing those devices. This is true for Managed Services Providers (MSP) as well. For example, some of the MSPs who say they have an “ITAD” solution are unaware of the compliance requirements for documented chains of custody and appropriate service provider certifications. This problem is growing as more and more companies move their computing resources to the cloud.

According to a report by Zion Market Research, “The global IT asset disposition market is anticipated to showcase an impressive growth trajectory… The global IT asset disposition (ITAD) market was valued at USD 11,326.14 million and expected to reach around USD 18,703.42 million by 2022 with [a] CAGR of 8.33% between the years 2016-2022.”

Companies will be looking to their IT advisors for more than the usual IT services of installs, upgrades, online security and credentials. They are looking to their MSP to provide the answers. One of those questions is what to do with their hardware and devices. Simply hiring somebody to take the equipment “away” is not the answer.

To continue to maintain client trust, it is beneficial for MSPs to understand the role of ITAD within the hardware lifecycle and the associated security risks it presents to the customer. Is your company in the IT Services field or do you describe your company as a Managed Service Provider?

ITAD Compliance and Certification Requirements

MSPs who are disposing of hardware and do not have ITAD certification could be creating potential risks for their customers. For example, if you hire or refer your client to an uncertified company (or a guy with a pick-up truck who “gets it done”) to dispose of equipment, you are not destroying the data and documenting the process, as required by law in many cases, to prevent somebody from later recovering the data from those devices.

Compliance requirements include following federal and state industry laws and regulations as well as providing documentation. They include:

  • Environment-friendly and certified recycling
  • Detailed financial regulatory reporting
  • Data sanitization/Data destruction
  • Transfer of ownership and liability
  • Value recovery
  • Detail-oriented processes

Differentiate Your MSP Business 

If your company does business as an MSP, you are your customer’s direct contact for identifying potential risks and advising on how to manage them. If you are not currently providing certified ITAD services, it’s possible you could be losing business to competitors who are offering these services. Remember the forecasted growth in the ITAD industry!

You have an opportunity to differentiate yourself by adding value with ITAD services, by either getting certified and providing the services yourself or by working with an experienced certified partner. Clearly the latter approach offers you an immediate turnkey solution and one that allows you (the MSP) to stick with your core competencies.

Working with a Certified ITAD Partner

By working with a partner who is ITAD certified, you not only protect your customer and your own business, but you also gain greater trust with your customer.

Castaway Technologies is NAID AAA Certified. Our professionals are white glove experts who are comfortable and versatile in working with clients of all sizes from the SMB to very large-scale clients like hospitals, universities, and enterprise companies. The company started as an ITAD service provider and continues to specialize only in ITAD services.

Castaway is the safe bet when it comes to ITAD partnering, not only for their expertise but also because of their professional drivers and technicians who are background-checked, drug tested and comfortable working in any business environment.

Castaway makes the ITAD process for you and your customers much easier! Proven chain-of-custody and documentation processes cover all IT asset handling, certified media and hard drive destruction, and data sanitization services. The company also gives back to the community by providing quality computer equipment to area nonprofits that need it. Essentially, Castaway provides everything you and your customers need for ITAD.

What’s Next?

ITAD is a growing and pervasive need that is not going away. Take advantage of this opportunity.

Companies may be retiring hardware to move to the cloud, but many will continue using a percentage of hardware assets onsite. All these devices have end-of-life disposal requirements. Cloud companies need ITAD, too. All those redundant servers and data centers require hardware replacements creating additional ITAD opportunities. Castaway understands and continually studies these changes and we’re poised to scale up our business to serve clients well into the future.

For further information about ITAD and its certification requirements, and how you can take advantage of the changing market, give us a call at (978) 208-4730.

Good Questions to Ask about Data Destruction

Every day the media publishes stories about companies whose data resources are hacked, resulting in loss or theft of private, corporate and personal data. While many of these incidents involve people using online computer devices with all sorts of security technology, hardware, software and processes in place, they also involve organizations and municipalities whose hardware assets were retired, but not properly processed, i.e., sanitized, destroyed or disposed of.

How is this possible today? This can happen when the vendors or employees in whom the company places its trust are not qualified to handle such an important task. The key to understanding this issue comes from asking your vendors the right questions.

Inform Yourself

There are basically two methods for destroying data: erasing the data from the device or physically destroying the device. Here is what you need to consider.

Option 1: Erasure.  Numerous websites and vendors sell “data erasure software and services”. Some even offer “free” or “shareware” data erasure software. These promise to eradicate data from the associated hard disk drives (HDD), Solid State Drives (SSD), tablets, smartphones, etc. Data erasure is also referred to as “data clearing”, “data wiping”, “data sanitization” and “data destruction.”

This solution option uses software to overwrite the data with 1s and 0s with the purpose of destroying all electronic data residing on the digital media. But is this method 100% effective? Can you rely on a technician at your company to manually perform this task successfully as the volume of end-of-life devices increases? Also ask yourself, if a breach occurs, do you have the appropriate documentation to defend yourself and your employer?

According to Security Boulevard, new research has discovered that “globally, organizations’ overconfidence in their data sanitization methods makes them more vulnerable to a data breach: …36% reported relying on inappropriate data removal methods—using data wiping methods such as formatting, overwriting, using free software tools or paid software-based tools without certification or physical destruction (both degaussing and shredding) with no audit trail.”
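The overwrite-and-document question raised under Option 1, as an added Python example (not Castaway's or any vendor's tooling): it overwrites a constructed disk-image file, reads every byte back to verify the final pass, and emits a per-asset erasure record that fails when any region was not overwritten. The serial number, operator name and record field names are assumptions made for illustration; note that overwriting through the normal device interface does not reach remapped or over-provisioned blocks on SSDs.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # 1 MiB per I/O operation


def target_size(f):
    """Size via seek, which also works for block devices (getsize does not)."""
    f.seek(0, os.SEEK_END)
    size = f.tell()
    f.seek(0)
    return size


def overwrite_pass(path, fill):
    """Overwrite the whole target with one repeated byte value (0-255)."""
    with open(path, "r+b") as f:
        total = remaining = target_size(f)
        while remaining:
            n = min(CHUNK, remaining)
            f.write(bytes([fill]) * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the data past the OS cache
    return total


def verify_pass(path, fill):
    """Read everything back: (mismatched_bytes, first_bad_offset, sha256)."""
    bad, first, offset = 0, None, 0
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            digest.update(chunk)
            miss = len(chunk) - chunk.count(bytes([fill]))
            if miss and first is None:
                first = offset + next(i for i, b in enumerate(chunk) if b != fill)
            bad += miss
            offset += len(chunk)
    return bad, first, offset, digest.hexdigest()


def erase(path, fills=(0x00, 0xFF, 0x00)):
    """Run each overwrite pass in order; the last fill is the one verified."""
    for fill in fills:
        overwrite_pass(path, fill)


def make_record(path, serial, operator, fills=(0x00, 0xFF, 0x00)):
    """Verify the final pass and build the audit record for one asset."""
    bad, first, size, sha = verify_pass(path, fills[-1])
    return {
        "asset_serial": serial,            # hypothetical field names
        "operator": operator,
        "method": "overwrite",
        "passes": [f"0x{b:02X}" for b in fills],
        "bytes_verified": size,
        "mismatched_bytes": bad,
        "first_mismatch_offset": first,
        "post_erase_sha256": sha,
        "verified": bad == 0,
        "completed_utc": datetime.now(timezone.utc).isoformat(),
    }


def demo():
    """Constructed input: a 256 KiB image of random bytes standing in for a drive."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(os.urandom(256 * 1024))
        erase(path)
        clean = make_record(path, "SN-EXAMPLE-0001", "example.tech")
        # Simulate a region the wipe never reached (e.g. a failed write).
        with open(path, "r+b") as f:
            f.seek(4096)
            f.write(b"PATIENT")
        failed = make_record(path, "SN-EXAMPLE-0001", "example.tech")
        return clean, failed
    finally:
        os.remove(path)


if __name__ == "__main__":
    for record in demo():
        print(json.dumps(record, indent=2))
```
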

Option 2: Physical Destruction.  Consumers and businesses are accustomed to shredding paper to destroy data. More recently, however, there are increasing options to “shred” your disk drives as an alternative method for data destruction. However, this service is not considered a particularly “green” option because the destroyed HDDs cannot be reused. Consumers and businesses need to weigh the pros and cons along with the cost considerations. Destroying hard drives can sometimes be more costly than erasure methods.

The vendor who is selling services to dispose of your IT assets must not only understand your data destruction requirements but also be an expert in the solution technologies to achieve those objectives. Ask your vendor about what certifications they have.  Are they NAID AAA Certified (National Association for Information Destruction)? NAID is the standard-setting body that advocates for the best practices in secure destruction.

IT Asset Disposition (ITAD) experts are supposed to have the knowledge and experience in industry standards and best practices for IT lifecycle management.  This involves continually updating their processes and certifications for limiting customer data liability. Your vendor should be capable of explaining the pros and cons of the different destruction options for disposing of your hardware and the associated costs.

Here are a few key questions you should ask your vendor about data destruction solutions.

Q: Can I perform the data destruction myself?

A: Consumers and companies who feel compelled to do the erasure themselves should first consider the necessary documentation for satisfying compliance requirements. This requires understanding the rules and taking the time to appropriately document each erasure. Doing it yourself may appear to “save a buck” but also opens the door to increased risk and expense.

The risks also apply to performing your own physical shredding. Examples of individuals performing their own low-cost and non-secure physical destruction options include drilling holes in hard drives, actually shooting them with bullets, slamming them with hammers/sledgehammers, dunking them in water, and other “homemade” solutions.  Each of these options “disables” the drive but does not completely remove the data.  As a result, many forensics experts would claim that data is still recoverable from these homegrown methods.

Q: Should I be cautious of low-cost data erasure solutions?

A: Low-cost solutions may not include certifications that meet the strictest standards. As a result, they often have higher failure rates on systems they process. Ideally, the erasure process should:

  • Allow for selection of a specified and recognized standard, based on your unique needs
  • Support erasure of the type and number of devices being erased, and
  • Provide verification that the overwriting method has been successful and has removed data across the entire device.

Q: Does the solution meet my compliance needs?

A: Verify that the vendor’s recommended solution meets your specific compliance requirements (e.g., Sarbanes-Oxley, PCI, HIPAA, HITECH, NIST standards) and provides the related audit trails and reports you will need to retain or submit to regulatory authorities.

Q: Does the solution help us save costs by improving our process?

A: The best solution should provide cost-effective performance that meets your business data risk and compliance objectives and your device end-of-life goals. This requires both industry and technical acumen from your advisor. It also requires process automation that removes the manual reporting and processing.

Q: How long should a disk wipe take to complete?

A: A comprehensive erasure tool should securely overwrite any device at 30-40 GB per minute. New flash media and encryption removal technology can make this process even faster. Be aware that low-cost tools may lack the appropriate drivers and ATA commands to efficiently erase your device.

Q: How many times should an ITAD wipe a computer?

A: According to Bernard Le Gargean, Product Manager of Blancco Drive Eraser,  “One pass is enough. However, to ensure the overwriting process has been effective, major agencies and government bodies worldwide (NIST 800-88, NCSC, BSI and others) state that the verification of data erasure is mandatory for full compliance with their standards. Other research supports this idea.”

Q: How should I verify erasures?

A: Your vendor and solution should consistently check drive wipe results to verify that data erasure tools are functioning properly.
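To make the verification and audit-trail points above concrete, here is an added example (not Castaway's or any vendor's tool) of a read-back check that scans an entire image for blocks that still hold data after a zero-fill pass and emits one audit line per asset. The function names, block size, asset tags and in-memory sample images are assumptions constructed for the illustration.

```python
import hashlib
import io
import json

BLOCK = 4096  # bytes read per step; constructed value for the example


def verify_overwrite(stream, expected=0x00, block_size=BLOCK):
    """Read the whole stream and report every block that still holds
    bytes other than the expected overwrite value."""
    clean = bytes([expected]) * block_size
    digest = hashlib.sha256()
    total = 0
    index = 0
    bad_blocks = []
    while True:
        chunk = stream.read(block_size)
        if not chunk:
            break
        digest.update(chunk)
        total += len(chunk)
        # The final block may be short, so compare against a same-length slice.
        if chunk != clean[:len(chunk)]:
            bad_blocks.append(index)
        index += 1
    return {
        "bytes_read": total,
        "blocks_read": index,
        "residual_blocks": bad_blocks,
        "sha256": digest.hexdigest(),
        # An empty read proves nothing, so it never counts as verified.
        "verified": total > 0 and not bad_blocks,
    }


def audit_record(asset_tag, report):
    """Serialize the result as one JSON line for the retained audit trail."""
    return json.dumps({"asset": asset_tag, **report}, sort_keys=True)


def sample_images():
    # Constructed sample images (not real devices): one fully overwritten,
    # one where the wipe skipped block 5 and left data behind.
    wiped = bytes(BLOCK * 8)
    partial = bytearray(wiped)
    partial[5 * BLOCK + 100: 5 * BLOCK + 116] = b"ACCT 4111-SAMPLE"
    return io.BytesIO(wiped), io.BytesIO(bytes(partial))


if __name__ == "__main__":
    for tag, image in zip(("ASSET-0001", "ASSET-0002"), sample_images()):
        print(audit_record(tag, verify_overwrite(image)))
```

A read-back through the normal block interface only covers addressable sectors; remapped sectors and SSD over-provisioned areas are outside its reach, which is one reason certified tools rely on drive-level sanitize commands.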

Q: How long should I store audit reports?

A: Store audit reports a minimum of 7 years or as required by your policy advisors or government regulators.

Q: What if I don’t have the time or manpower for this?

A: Work with a trusted and certified advisor.

Castaway Technologies believes you should be as informed as possible about the latest best practices for safely and securely mitigating risks involved with the turnover of data-bearing IT assets. This will allow you to focus on what really matters – running your business.

While most companies focus on the initial phases of the IT lifecycle, Castaway is the premier ITAD specialist that works with businesses and organizations to streamline the end of their IT lifecycle processes. Recently, Castaway was granted AAA Certification by NAID®, a division of the International Secure Information Governance and Management Association™ (i-SIGMA™). These organizations set the standards for best practices in the Information Destruction and ITAD (IT Asset Disposition) industries.

Q: So finally, what is the ideal data destruction solution?

A: The perfect solution would include either an onsite or full chain of custody program that would include software sanitization with documentation, followed by physical destruction. This may be cost-prohibitive, so consumers/businesses need to weigh all their options. This provides all the more reason to contact a NAID AAA Certified ITAD company like Castaway to discuss options and generate a customized program that fits a budget while meeting/exceeding requirements/compliance.

For further information concerning your company’s data destruction needs, contact one of our qualified ITAD professionals at (978) 208-4730.

Castaway Technologies Earns NAID® AAA Certification for Data Destruction

FOR IMMEDIATE RELEASE

Methuen, Massachusetts – September 3, 2019:  Castaway Technologies has been granted AAA Certification by NAID® – National Association for Information Destruction. As the only true watchdog association that thoroughly audits data destruction providers worldwide, NAID® is a division of the International Secure Information Governance and Management Association™ (i-SIGMA™). These organizations set the standards for best practices in the ITAD (IT Asset Disposition) industry.

Only a handful of ITAD service providers in the Northeast have earned this coveted industry credential. Extremely rigorous safety, security and quality control protocols must be demonstrated and maintained to qualify for the NAID® AAA Certification.

NAID’s compliance specifications include more than 20 operational and security requirements that need continuous attention to detail. A regimented and comprehensive audit policy requires certified member companies to operate under the agreement that they could receive an unannounced visit and audit on any day at any time. This gives Castaway Technologies a powerful incentive to apply and maintain the highest operational and service standards from minute to minute, every day.

As published on the official NAID® website, “NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive scheduled and unannounced audit program. This rigorous process supports the needs of organizations around the world by helping them meet numerous laws and regulations requiring [the] protection of confidential customer information…”

Cameron Deery, president of the Methuen, MA-based Castaway, remarked, “Becoming NAID AAA certified has been a goal of mine for several years. We are now in a very unique position with strong differentiation… The ITAD industry is growing rapidly and so is Castaway. This AAA Certification will differentiate us further, open new and larger doors and help fuel our growth even faster!”

Third-party certification by a peer-trusted, independent organization provides a simple and effective way for business clients to qualify a reputable data destruction service. The Federal Trade Commission (FTC) suggests that service vendors be certified by a recognized and reputable trade association. NAID’s international network of highly qualified independent and accredited security auditors have earned the Certified Protection Professional accreditation from ASIS International.

Preparation for and successful implementation of NAID® standards had been under way at Castaway Technologies for several years before it received AAA Certification. Expressing high team confidence in a recent memo announcing the successful certification, Deery noted, “Operationally, we just need to follow our existing procedures, i.e. no changes are required at this time.” One could get the idea that Castaway Technologies has been taking the NAID® AAA qualification and certification processes quite seriously all along.

###

Castaway Technologies is a Data Destruction and IT Asset Disposition (ITAD) solutions provider located in Methuen, MA. The company provides comprehensive IT asset disposition (ITAD), data destruction and electronics recycling solutions to businesses and institutions throughout the Northeast.

News Contact:  Cameron Deery

T. (978) 208-4730 | E. cdeery@castawaytech.com

Online at https://www.castawaytech.com