Sustainable Electronics Recycling (SERI) released the first major update of the R2 standard since 2013 in July 2020, providing a list of new standards for IT asset disposition enterprises. We have been highlighting R2v3 with a series outlining the updated standards. Read more about the new R2v3 changes, EH&S Management Updates, Data Security, and process requirements. This week we examine changes to data changes, and test and repair.
Data Sanitization pt. 2: Picking up where we left off with data sanitization, the new R2v3 standards require video surveillance of all areas where data devices are received, stored, or passed through, and 60 days of video recordings maintained. R2v3 also requires services performed outside of the R2 facility such as mobile operations or activities conducted at a customer’s facility to meet the same data sanitization requirements. R2v3 defines the acceptable methods of physical destruction under Appendix B, as well as the requirements for data sanitization software configuration and support. The new standards now require the implementation of the most stringent data destruction method where required, and the physical destruction process to be video recorded with video records maintained for a minimum of 60 days. It also requires software-based logical data sanitization with electronic records for each device sanitized. Standards require the removal of any user accounts and connections to remote services. They also require routine sampling by someone independent of the sanitization process, of a minimum of 5 percent of all logically sanitized devices to confirm that data is not recoverable. The revised standard allows for the decreased sampling where no issues are found. R2v3 requires the physical destruction in accordance with Appendix B of any data-bearing component where logical sanitization is not successful in removing the data. R2v3 also requires the implementation of quality controls to ensure that data devices were processed as planned and any discrepancies are reported to the supplier. Facilities are not required to verify the quality controls and approval by the Data Protection Representative prior to the release of data devices, and implement corrective actions to address any quality issues that are identified.
Test and Repair pt.1: R2v3 standards now require R2 facilities certified to Appendix C-Test and Repair also be certified to an approved quality management system (QMS) through an accredited certification body. Facilities are also required to develop a detailed R2 reuse plan with written instructions for addressing the competency, product safety, testing, quality assurance and product return requirements. Worker competency requirements must be defined as well. Requirements also include that detailed product safety plans be defined to ensure that equipment and components are safe to reuse.
Repairing old mobile devices is a key element in reducing the resources and energy required to mine new materials for manufacturing. Repairing old devices and expanding their life cycle allows others to continue using them instead of purchasing new devices that require more raw materials to be used. HOBI International Inc. provides full-service, post-launch Mobile Lifecycle Management for Mobility Managed Services programs, as well as repair and refurbishment options.
For more information about our ITAD services call 877-814-2620, or contact HOBI at sales@hobi.com.