ADISA Certification
Vyta is very proud to have achieved ADISA Standard 8.0 Certification to Distinction level across all sites in Chelmsford, Dublin and Belfast. The highest certification achievable for IT Asset Disposal.
Who are ADISA?
ADISA is an independent certification body within the data protection and information security sector.
Established in 2010, ADISA provide a framework by which companies that offer IT Asset Disposal (ITAD) services can become certified.
Once audited to ensure the correct protocols and systems are in place for proper data security and WEEE recycling, a company can receive a pass, merit or distinction grade certification.
What does ADISA certification mean for ITAD clients?
Vyta routinely work for some of the most recognisable names in the ecommerce, banking, education, IT, defence, health, government and other sectors.
These clients hold various sensitive data types, ranging from health information, financial information, trade secrets or top secret information. As such they need to ensure that when they dispose of assets, they are disposed of correctly so information will never be recoverable.
By using an ADISA certified ITAD, like Vyta, you not only ensure complete data destruction, but also provide auditable evidence that your company is complying with UK GDPR standards and regulations.
Complying with these regulations will prevent data leaks, which can result in significant monetary fines, alongside reputational damage as you must announce the breach to your affected customers.
In the UK alone there are thousands of companies offering a variation of IT Asset Disposal, however clients are putting themselves at risk by using companies that aren’t certified. In fact, there have been some recent high profile data breaches caused by poor quality ITAD services resulting in millions lost in damages and legal fees.
ADISA Standard 8.0
ADISA’s latest standard, 8.0, is the highest certification possible for an IT Asset Disposal service provider.
ADISA offers two versions of its 8.0 standard, one mapped to UK GDPR law, and one to EU law, Vyta has both.
The 8.0 standard has been approved by the ICO (Information Commissioners Office), and accredited by the UK Accreditation Service (UKAS).
The use of a company certified to this standard can be used as evidence of GDPR compliance.
Data Impact Assurance Level (DIAL) Rating
A new part of Standard 8.0 is the Data Impact Assurance Level, also known as the DIAL rating.
DIAL ratings determine the precise security requirements that must be met throughout collection, handling and final destruction of a clients data.
This rating is calculated following a series of questions between Vyta, as the data processor, and the client, as the data controller. The client then receives a certificate with their company’s rating of either 1, 2 or 3, with the higher ratings classifying a higher risk of threat to the data.
Question topics include:
- Perceived threat to the client’s data
- Risk appetite
- Volume of data to be processed
- Categories of data within that volume
- The impact of a data breach upon the client
Government recommended
The UK National Cyber Security Centre recommends using an ADISA certified ITAD on their published guidance on data sanitisation.
Not using a certified company could be regarded as evidence of non-compliance
Mark Gleeson – Data Protection & Cyber Security Lawyer (Barrister)
Vyta is:
- The only certified ITAD covering both the UK & Ireland
- The only ITAD certified across 3 sites
- One of only eight companies globally rated to DIAL 3 standard, able to handle the most sensitive of all data
- One of only two companies certified across Europe
To Discuss Your Organisation’s Secure IT Asset Management Requirements