The federal government is the nation’s largest single consumer of electronics and IT equipment and it is estimated that it disposes of 10,000 computers every week.
The federal government and its contractors are a prime target for cybercriminals and cybersecurity is clearly of prime importance. The Federal Information Security Management Act of 2002 (FISMA), as amended in 2014 (Public Law 113-283) requires each federal agency to develop, document, and implement a program to provide information security for its information systems and data, including those outsourced to its contractors.
FISMA mandates that Federal information systems must meet minimum security requirements as defined by the National Institute of Standards and Technology (NIST) and each agency is tasked with developing its security framework appropriate for its mission and classification of data. Additionally, other federal laws may apply depending on the type of data an organization creates, processes, and stores.
One example is the requirement for sanitization of media containing Federal Taxpayer Information (FTI) that can be found in IRS Publication 1075 Section 8.0, Disposing Federal Tax Information. Additionally, the IRS follows the guidance set forth in NIST SP 800-88, Guidelines for Media Sanitization, for media sanitization and destruction. If an agency has legal authority to disclose FTI to a disposal contractor and chooses one that is not National Association for Information Destruction (NAID) certified, the agency will then be required to inspect that facility every 18 months, further adding to the burden on the agency.
Beyond the data security concerns and risks, Federal agencies are also required to dispose of electronics assets in an environmentally responsible way as provided in GSA Bulletin FMR B-34 Disposal of Federal Electronic Assets. FMR B-34 requires Federal Electronic Asset (FEA) recyclers to be certified. The only certification programs currently recognized for disposal of FEA are the Responsible Recycling (R2) program and the e-Stewards program.
Protect your Organization
So, the issue is twofold: government entities and their contractors must meet the challenge of both protecting data contained in end-of-life equipment while also ensuring both data and non-data bearing electronics equipment are properly recycled to comply with all applicable regulations and to protect the reputation of the organization.
ERI is the largest fully integrated IT and electronics asset disposition service provider in the U.S. and focused on data destruction and cybersecurity – ERI is the only company in the world with NAID AAA, R2, and e-Stewards certifications. NAID is the only recognized certification focused exclusively on data security and data destruction; R2 and e-Stewards address both data security and environmental controls. Holding all three certifications means we are subject to 15 to 20 audits every year, including unannounced audits.
We can service clients throughout the country through our eight locations. Further, ERI offers a recycling kit program to handle smaller volumes responsibly and cost effectively for satellite government or contractor offices.
ERI offers four levels of data destruction, including witnessed, high security services and services in accordance with NSA/CSS Policy Statement 9-12, “NSA/CSS Storage Device Sanitization.” Regardless of the level of data destruction services provided, ERI maintains strict security controls and protocols including physical security through video surveillance; card or biometric access to secure areas; motion detectors; walk through and handheld detection equipment; and third-party security personnel at all ERI facilities. Further, agency specific processes can be defined as required to meet the needs of each agency and contractors under applicable regulations.
ERI provides comprehensive data destruction and electronics recycling services with a defensible “audit trail.” We 100% guarantee your data will be wiped from any IT and electronic assets if you use ERI. Further, there is a 100% guarantee that your assets won’t end up in a landfill anywhere in the world preventing public damage to your reputation and costly fines or cleanup costs.
Choosing ERI is the best way to safeguard your organization for IT and electronic asset disposition. Contact us for more information on how ERI can help your organization, or for a free assessment of your compliance with applicable regulations.Contact Us For More Information
- GSA Contract Number: GS-10F-0051Y
- CAGE Code: 4X6C0
- DUNS: 60-968-0397
- NAICS: 423930, 562920, 4380.002, 4399