Sustainable Electronics Recycling (SERI) released the first major update of the R2 standard since 2013 in July 2020, providing a list of new standards for IT asset disposition enterprises. We have been highlighting R2v3 with a series outlining the updated standards. Read more about the new R2v3 changes and EH&S Management updates. This week we examine the changes to data security, focus materials, and facility requirements. The new standards include requirements such as data sanitization plans, further details regarding processing and training, and stricter facility requirements.
Data Security: The new R2v3 compliance requires a documented data sanitization plan and data security policy addressing specific requirements, training, authorizations and oversight. R2v3 now requires all enterprises to assign a data protection representative and provide regular training and verification for all workers. Enterprises must develop safety authorization levels associated with specific access controls, identify and label secure areas, and implement security controls. There must be written acknowledgements of responsibility for anyone granted authorizations. In addition, the new standards require the implementation of a data security incident response procedure, and confirmation of receipt and details of sanitization with the supplier. The new requirements also include a process for supplier notification of special information, and specification of permitted data sanitation methods and conditions of the annual data security and sanitization audits.
Focus Materials (FM): R2v3 requires the FM management plan to define the expertise and capabilities for processing along with the planned methods of processing and demonstrated capacity needed to process. Enterprises are now required to provide a flow chart of the downstream chain. Non-FMs and non-electrical equipment are to be handled in a safe and legal manner in accordance with the hierarchy in core requirement 2.
Facility Requirements: All processing operations must be conducted indoors unless certain conditions exist, and equipment destined for re-use must be stored in an enclosed environment, protected from the elements. The new standards require an evaluation of risks associated with operations and security of insurance or reserves to cover liability. Coverage must include treatment of work-related injuries and illness, but does not explicitly require pollution liability. R2v3 requires enterprises to assign commercial businesses to manage assets identified in the closure plan and provide an exemption from the financial instrument requirement for certain small, low risk facilities, where all requirements are met.
Data security is one of the most important aspects of the IT asset disposition process. Clients put their trust in enterprises to keep their data security safe. HOBI International, Inc. takes extra security measures to ensure that no data breaches occur. HOBI uses an internally-developed, NIST-compliant data erasure tool called HOBI Shield that provides complete data erasure. For more information about HOBI’s data security procedures call 877-814-2620, or contact us at firstname.lastname@example.org.