BYOD Passwords Hacking Cloud Compliance Reviews Privacy

Current Filter: Security>>>>>>

PREVIOUS

   Current Article ID:3889

NEXT



Raising the Standards

Editorial Type: Industry Focus     Date: 03-2014    Views: 2349   







Launched in 2010, the Asset Disposal and Information Security Alliance (ADISA) has been busy working with a range of companies involved in recovering ICT assets to decrease the risk associated with data loss. So who are ADISA and why should it care?

With an ever-increasing focus on data protection, all potential vulnerabilities are being assessed. The business process of asset disposal is viewed by many as being simple, beneath them or even irrelevant. However, while cyber attacks may happen, all data carrying assets at some point will be retired. And unless the data on each media type is suitably sanitised, there is very clear potential for a data breach.

Those companies that provide asset disposal/recycling, brokerage or logistics services operate in a largely unregulated industry and, while there are many innovative and professional companies, the quality and ethics of companies can vary dramatically. Business end users are left unsure who to entrust with their reputation and brand when disposing of assets. This doubt is further exacerbated by a desire from end users to maximise financial return from old infrastructure, resulting in sourcing decisions, more often than not, being heavily weighted on financial reasons, rather the service quality.

CHANGING LANDSCAPE
With the widespread adoption of smart phones and tablets, the expertise required by companies recovering these assets is increasing. Not only do these devices retain more residual value, but they are also far more challenging to process. The attitude that secure disposal can be addressed by focusing just on traditional magnetic hard drives leaves businesses widely exposed to data loss from a range of other technologies and media types, and so the choice of partner is essential.

Furthermore, the changing data protection law is redefining the relationship between a data controller and data processor. This subtle, but significant transformation sees a legal liability now being shared between controller and processor, which makes choosing a partner even more important.

ADISA INDUSTRY STANDARD
Developed in conjunction with leading security and asset disposal experts, the ADISA industry standard was launched in 2011 and has evolved each year. With over 150 separate criteria and a strong emphasis on transparency with the data controller, the ADISA certification programme offers end users confidence that their partners operate strong processes and are also under constant supervision, thanks to the continuous auditing programme. Full regular audits are supplemented by the far more challenging unannounced range of audits. These can vary from simple spot checks through to full forensic assessment.

Thanks to this audit process, it is essential that ADISA members are fully committed to not only achieving certification, but maintaining and, for many, exceeding it. Their vigilance is necessary, as to date three companies have been removed from the programme and others have been suspended, due to issues found at audit.

This approach has seen the programme formally recognised by the Defence InfoSec Product Co-Operation Group UK (DIPCOG). This is a UK Ministry of Defence (MoD) forum run by a committee comprised of representatives primarily from the MoD and CESG.

WORRIED?
In addition to recommending the use of a certified company when looking for a partner for IT disposal services, ADISA, in conjunction with the University of South Wales, has developed 'AD Test'. This process helps organisations understand where their vulnerabilities exist by reviewing all internal and external aspects of asset disposal. A completed AD Test offers organisations confidence that their asset disposal process is fit for purpose.

To see if your partner is certified or to register for a free webinar to learn more about ADISA, visit: www.adisa.org.uk.

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top


PREVIOUS

                    


NEXT