Describing the ITAD certification landscape

Lecturer: Rike Sandlin
Rivervista Partners LLC
info@rivervistapartners.com
769-218-9825
Highlights:
• Different certifications require the foundational management systems such as ISOs, Rios and others.
• The two dominant ITAD and recycling certifications are R2 and e-Stewards.
• Data security is an important concern for enterprises and NAID and ADISA are regional certifications for this.
• ESG certifications focus on ethics (eg. ASCDI) while B Corp certification looks at environmental, social and governance requirements.
• End-user credentials involve ITAM and NAID, while other programs come in the form of standards or assessments.
Rike’s assessment:
There are different layers and different focus areas for many of these certifications. I described earlier the foundational pieces, the ISOs, Rios and other management systems that these other certifications are really built upon, and so all the certifications require some sort of a system underlying them. For example, e-Stewards requires that you have ISO 14001. R2 requires that you have both ISO 14001 and ISO 45001 and in some cases ISO 9001, or RIOS. So, these standards require that you have some of these building blocks, these foundational pieces in place or they won’t certify you. Let’s set aside the management system for a moment: What we’re building on top of that is really the ITAD and recycling certifications. There are really two core ones that that are dominant: R2 and e-Stewards. These two certifications have similar outcomes or results, they just have a bit of a different focus in some ways, but really many people look at them as equivalent certifications, with some nuances. There is also another area that is data security certification. We know that data is one of the biggest risks associated with ITAD and enterprises are especially concerned about that and so what certifications do they look for related to data? NAID, the National Association for Information Destruction has had a certification for many years, really focused on data security. ADISA is another well-known certification in Europe. NAID is more focused on the US than Europe. So, you see there are some regional differences, but these are very strong certifications for data security. R2 with its most recent revision R2.V3 or version 3, implemented a lot of the same data security requirements that you see in NAID and ADISA within the R2 standards. So, if you’re working with someone that is R2 certified with a scope around data security, then you’re covering your data security bases there as well. There are some other certifications about governance, ethics, ESG and so these are important as well. It’s not just data security or the environment, there are other aspects that are important to enterprises. ASCDI is an organization that came out with a certification program that layers on top of R2 and e-Stewards and the ISOs to focus on ethics, and to check if ITAD vendors behave ethically. B Corp is another certification and that’s outside of the ITAD industry and it’s across all industries. You see farm-to-table restaurants, and Patagonia for example, a great brand that’s achieved the B Corp certification that’s very focused on ESG, looking at environmental, social and governance requirements and how they are managing all of that. So, these are great certifications, very different, but there are some ITAD players that have both of those (R2 and e-Stewards). We talked about the end-user certifications or credentials with ITAM and NAID and then there are some other programs around the world, with some of them being standards, some of others are more like an assessment scheme and not an accredited certification. Some of them are tied to government or regulatory requirements. So, you have a variety around the globe, but the ones we’ve talked about here are really the dominant with the most sophisticated approaches.