End users are often needlessly destroying hardware when it could be repurposed in a secure, compliant and more environmentally friendly manner.
That’s the message of KOcycle, an IT lifecycle services outfit that believes security concerns are sometimes unduly hampering sustainability progress in the sector.
ADISA-certified KOcycle recently secured Gold status with data sanitisation market leader Blancco.
Talking to IT Channel Oxygen, KOcycle Director Mike Mclellan said the Braintree-based company is looking to educate the market about recent security and compliance innovations in the sector.
“Some of our clients want us to come on site and physically shred hard drives and machines,” he said.
“That means all the components are stripped down and go back into the supply chain. Although we recycle everything in the right way and have zero percent to landfill, there’s a cost to that from a carbon, water and mineral perspective.
“Our intention is to repurpose as many devices as we can.
“So when you turn up to a client and they want to completely destroy hardware – even though the technology lifecycle for it is 15 years – obviously we have a problem.
“Security is hindering sustainability in effect, and we’re really trying to take our clients down an educational path.”
“We haven’t had a single data incident in nearly eight years”
Data security is “critically important” to KOcycle, which as an ADISA certified member must adhere to over 200 separate criteria, Mclellan stressed.
“Yes, we push sustainability and social inclusion, but without the security foundation we have in place we cannot do those good things,” he said.
New developments in software and data sanitisation protocols are enabling KOcycle to securely reuse more and more devices, Mclellan added.
“We need to educate and help people understand what the processes are,” he said.
So what security and compliance processes does KOcycle adhere to as an ADISA member, exactly?
“It goes from everything from personnel and background checks, through to vehicle security, and then your policies around risk management and pre-site surveys to understand where the data is, where our vehicle is, and what the risk is of moving that data into our vehicle,” Mclellan said.
“We send two engineers onsite with every single collection. Our vehicles have to be GPS tracked, we have CCTV inside our vehicles at all times, and we do a chain of custody count onsite with the client.
“It’s then tracked via CCTV and GPS all the way back to our facility.
“When the vehicle’s reversed into our premises and goes through goods-in, somebody verifies the count. Then CCTV and asset tracking from our premises kicks in.
“It goes all the way through to our data sanitisation processes, working only with Blancco, and to our quality-control checks and our premises security where we have 24-hour-monitored CCTV and intruder alarm systems.
“We have double gates inside our facility, and caged areas for data to go into. We have smoke barriers which can be released remotely if there’s an intruder event – but we’ve never had one in seven years.
“We’ve done everything we can to mitigate against any data breach, and haven’t had a single data incident in nearly eight years.”
“Go and audit your ITAD partner”
Some clients are working “with one hand tied behind their back” because they are bound by legislation or internal compliance procedures, Mclellan conceded.
ADISA’s ICT Asset Recovery Standard 8.0 is an ICO-approved UK GDPR certification scheme that means clients can be confident they are complying with UK laws, he stressed, however.
Certifications such as ISO 27001 and Cyber Essentials are “good stepping stones” but only speak to the ITAD’s expertise around internal systems rather than how they handle client assets, Mclellan cautioned.
“I think having an ADISA-certified ITAD is pretty critical in this day and age,” he said.
What is Mclellan’s advice to end users concerned about entrusting their end-of-life assets to a third party rather than destroying them onsite?
“If you haven’t been to see the operations of your ITAD provider, I would say go and do a site visit,” he responded.
“Give them a visit once every 6 months or annually, and audit them. Go and understand what improvements they’ve made in their processes.”
Devices could have a resale value or be donated to good causes via KOcycle’s new KODI digital inclusion initiative, Mclellan stressed.
“It might go into a social enterprise or school, or a project where they need the technology,” he said.
“Our mission is obviously around positive impact, but repurposing the device is our number-one aim at all times. If we can reuse something, we will reuse it.”
Mclellan also offered some parting advice for KOcycle’s reseller and MSP partners, which form its main route to market.
“Data security is as important at the end of the lifecycle as it is within your own environment,” he said.
“For our partners that are putting in new tech that’s going to come out the other side three to five years’ later, it’s about working with a partner you can trust to manage that in the right way.”
Visit the KOcycle Content Zone here.
Find out more about KOcycle’s game-changing relaunch here.
This article was produced in association with KOcycle and is classified as partner content. What is partner content? See more here.
