IT Asset Disposal technology is always advancing - and understanding new tech phrases is essential if a business is to successfully adapt and change. With the arrival of the EU General Data Protection Regulation (GDPR) in May 2018, organisations will face a raft of new data protection, retention and destruction requirements. Which means a new set of jargon to become familiar with.
This blog is IT Asset Disposal jargon explained by industry professionals and hopefully provides an essential dictionary of the key standards, technologies and industry bodies your business needs to understand in 2017.
IT asset disposal jargon explained
BS EN 15713
This standard provides a framework of the key conditions that must be adhered to by companies who destroy confidential information. It includes criteria such as the specific sizes data should be shredded to, and how the destruction should be monitored and controlled.
BS EN 7858
This British Standard specifies a Code of Practice for security screening of both individuals and third party companies which is required prior to employment in a security environment.
The Common Criteria for Information Technology Security Evaluation is used as a basis for Government driven certification schemes. The framework provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner, at a level that is commensurate with the target environment for use.
Centre for the Protection of National Infrastructure (CPNI) is the UK’s Government authority which provides protective security advice to businesses and organisations across the UK national infrastructure. The advice aims to reduce the vulnerability of national infrastructure to terrorism and other threats, keeping the UK's essential services safer.
Corporate Social Responsibility (CSR) is the process of assessing and taking responsibility for a company's effects on the environment and impact on social welfare and how to use this in a positive way.
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. The DPA is set to be amended to bring it into line with the EU’s General Data Protection Regulation (GDPR).
Degaussing involves using a machine that produces a strong electromagnetic field to destroy all magnetically recorded data, leaving the domains on hard drives and floppy discs in random patterns with no preference to orientation, thereby rendering previous data unrecoverable.
Defence INFOSEC Product Co-Operation Group (DIPCOG) of the UK is a Ministry of Defence (MoD) forum run by a committee composed of representatives primarily from the MoD and NCSC (previously CESG - the Information Security arm of GCHQ) and the National Technical Authority for Information assurance within the UK. The aim of DIPCOG is to provide an interface between the MoD and vendors of IT security products and services.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). The regulation was adopted on 27 April 2016. It enters into application 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments.
This is the action of extracting and destroying data from an information system in the form of drives and other such media by cutting (or shredding) it down to 6mm granules.
The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
IS5 / Infosec Standard 5
Infosec 5 Enhanced Level sets a wide range of requirements for ensuring media is disposed of securely, including not just the technical detail of overwriting data, but also the policies and processes that organisations should have in place.
IS5 defines two different levels of overwriting.
- Baseline overwriting of data involves one pass, overwriting every sector of the storage medium once with randomly generated data.
- Enhanced overwriting involves three passes; each sector is overwritten first with 1s, then with 0s, and then with randomly generated 1s and 0s.
This standard sets out the criteria for an environmental management system and what it should be certified to. It does not state requirements for environmental performance, but maps out a framework that a company or organisation can follow to set up an effective environmental management system.
This is a British Standard for occupational health and safety management systems. It exists to help all kinds of organisations put in place sound occupational health and safety performance. It is widely seen as the world’s most recognised occupational health and safety management systems standard.
This information security standard helps organisations keep information assets secure by providing requirements for an information security management system (ISMS).
The standard is based on a number of quality management principles including a strong customer focus, management commitment, process and continual improvement. Using ISO 9001:2015 helps customers get consistent, quality products and services.
The destruction of mobile devices by physical shredding. Not to be confused with the paper shredding agencies which will arrive at your office to destroy/shred your corporate documents.
The National Cyber Security Centre (NCSC) is the UK’s authority on cyber security and are a part of GCHQ. The NCSC’s main purpose is to reduce the cyber security risk to the UK by improving its cyber security and cyber resilience. They work with UK organisations, businesses and individuals to provide authoritative and coherent cyber security advice and cyber incident management.
Residual Value is the revenue in equipment that is returned to the customer after recycling a device dependent on age, spec etc.
The physical destruction of hard drives by shredding them using a re-enforced steel blades. Not to be confused with the shredding of paper or information stored on paper-based documents.
The Waste Management Industry Training & Advisor Board (WAMITAB) is a UK organisation tasked with supporting training & technical competence in the waste management industry. WAMITAB is the awarding body for technical qualifications in the waste industry.
WEEE Directive/WEEE Legislation
The Waste Electrical & Electronic Equipment (WEEE) Directive aims to minimise the impact of such equipment on the environment when it becomes waste.
These are just some of the IT asset disposal phrases your business should know and understand. However, the world of technology is always changing so it is vital for you keep your knowledge up to date – not just to support business development but also demonstrate your understanding to clients and prospects. This can be achieved by reading the top technology trade publications and keeping yourself in the loop with industry pundits and publications via social media.
Laura Cooper, Client Services Director at DataRaze
Image source: Shutterstock/everything possible