Disposing of and recycling equipment potentially containing highly sensitive data is a serious business, with massive fines for companies not handling their client's data in accordance with GDPR. We look at what it takes to offer End of Life asset management services to the Ministry of Defence and the NHS, among other high profile customers.

Where does the name DSA Connect come from?

DSA Connect was established in 2011 primarily to partner a division of the Ministry of Defence called the Disposal Services Authority (DSA). Working with the MOD for several years we were invited to partner with the DSA on their asset management services with particular regards to IT and electronic equipment. Our role was to introduce and develop this asset management service with other government departments and public bodies.

Hence, we ‘connected' the DSA with other public bodies outside of the MoD - DSA Connect Ltd.

The partnership with the MoD combined our commercial and public sector skills to develop an asset management service that was secure, auditable, compliant and with a financial return on their assets. It is the same methodology that DSA Connect applies today in contracts with both the commercial and public sectors.

What is Asset Management?

While most assets retain some value, even at end of life, most IT assets also retain data, which can bring huge responsibilities to their owners in the way they in which they are disposed of. GDPR clearly and firmly puts the responsibility on the owner of any personal data held on its devices. Whilst this is obviously the case with laptops, PCs, servers etc, increasingly data is being captured on devices such as telephone systems, smartphones, TVs, photocopiers, point of sale machines and the like. Good asset management requires audit, secure and permanent eradication of all data, total de-branding of all company logos, asset tags etc and the marketing and sale of redundant reusable assets, as a transparent process. The total recycling of any non-saleable redundant items, insuring a zero to landfill policy. It is essential to provide full certification of data removal, data destruction and the waste transfer.

How does DSA Connect do this?

DSA Connect is an IT asset disposition (disposal) company, (ITAD) that specialises in the secure, auditable, and compliant disposal of redundant and end-of-life IT assets. So, when businesses and organisations have IT assets that are no longer required, they need to have complete confidence and assurance in the methodology used in their disposal. DSA Connect's methodology is a robust process commencing with an audit of all the equipment followed by the secure removal of all data, using NCSC (National Cyber Security Centre) approved techniques. DSA Connect has developed a wide ranging network of buyers of IT and electronic equipment in the UK and EU. Our sales network enables us to monitor and achieve best price for resale of equipment. Since the lockdown, we have seen an increased demand for used laptops and hand held devices, bringing bigger financial returns for our clients.

How do you securely eradicate data on electronic devices?

This is the main role of DSA Connect, as unfortunately so many people think that a factory reset or a hammer to a hard drive will permanently remove all of its data from a device. This is simply not true. DSA Connect use various methods and data eradication tools that are approved by the National Cyber Security Centre (NCSC). These include Blancco Drive Eraser 6 and White Canyon Wipe Drive data sanitisation software. We also have shredding facilities and have the capability of granulating a hard drive to maximum 6mm particle size. For on-site data eradication, we use a mobile degausser which completely obliterates all data on hard drives and data tapes using intense magnetic fields. On-site degaussing is far more environmentally friendly than on-site shredding as it is non-polluting, quieter, and much quicker. The degaussing can take place in an office environment (as opposed to the back of a lorry) and takes a fraction of the time to destroy data.

What should any organisation, considering disposing of their IT assets, look for in an ITAD?

There are many companies in the market claiming that they provide an IT disposal service, however, the questions to ask when deciding who to entrust your IT assets to are:

  • Does the ITAD provide complete traceability and accountability supported by adequate reporting and documentation?
  • Does the ITAD keep all IT devices that it collects in a secure, controlled environment and an inventory made of every item and its disposal route?
  • Does the ITAD protect against information and identify theft by using physical destruction and software sanitisation solutions approved by the UK National Cyber Security Centre (NCSC)?
  • Are the transportation risks addressed by using unbranded vehicles that are fitted with satellite vehicle tracking?
  • Are their premises and facilities properly secured against all conceivable risks, including the use of intruder alarms, secure entry systems and CCTV?
  • Are staff security screened to BS 7858?
  • Does the ITAD have quality and environmental management systems in place? ISO9001 & ISO14001
  • Does the ITAD have an information security management system in place, such as ISO 27001?

How has the Covid-19 pandemic affected your business?

As with all industries the pandemic has had an effect on how DSA Connect has been working, we continued to work throughout the lockdown, (as we had NHS clients to service) and saw an increase in companies having an ‘IT clear-out' while their offices were empty, or deciding that it was time to upgrade IT equipment and processes. Increased concerns in management of data security as more people worked from home. Our independent research (which has been widely published) found that there was a dramatic increase in people encountering online scams whilst working from home. From a survey of just over 1,000 IT professionals, we found that 14% have accessed confidential data that they were not supposed to see, a further 5% had unauthorised access to other people's private photos via their employers' technology, while 6% have seen private correspondence between their employers and clients, 4% have been able to view financial details of clients and/or colleagues and 3% have seen the health records of third parties.

Sadly, an unforeseen but increasing outcome of the Covid-19 pandemic is the number of organisations going into some kind of insolvency, (administration, liquidation etc). This has led to many CEOs, FDs and insolvency practitioners, ever mindful of their GDPR responsibilities, urgently requiring data to be permanently eradicated from IT systems and equipment, in order for our engineers to carry out the decommissioning of these sites.

For more information visit DSA Connect