John Shegerian, Chairman/CEO of ERI, the nation’s largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company, has called achieving both SOC 2 Type I certification and NAID AAA certification the “new gold standard of responsible data destruction,” and has urged companies and organizations who handle data-bearing technology to pursue (or partner with organizations that have achieved) what he refers to as “dual data security certification.”
ERI successfully completed the Service Organization Control (SOC) 2 Type I audit and received its compliance certification. SOC 2 compliance certification is recognized globally for its rigor in the review of organizations’ systems and controls. It affirms that ERI’s practices, policies, procedures and operations meet the SOC 2 standards for security and data protection. ERI has also, for more than six years, been recognized by the International Secure Information Governance & Management Association (i-SIGMA) as a fully NAID AAA certified organization. NAID AAA certification verifies secure data destruction companies’ compliance with all known data protection laws through scheduled and surprise audits by trained, accredited security professionals, fulfilling customers’ regulatory due diligence obligations.
SOC 2 independent audits are also conducted to review companies’ effective implementation of employee controls and training, IT systems and risk management control, product discipline, and vendor selection. ERI’s SOC 2 examinations for Type I compliance testing were conducted in accordance with standards from the American Institute of Certified Public Accountants (AICPA). Type I testing confirms that a company’s systems and controls meet SOC 2 audit standards.
“Cybercrime is a greater threat today than it has ever been,” said Shegerian. “We are proud to be the first organization in our industry to be both SOC 2 Type 1 and NAID AAA certified. Being dual-certified at the highest standards for data security further reinforces an ongoing commitment to data protection and the responsible recycling of all electronic devices. It also demonstrates that we are willing and able to provide independent testing and audit results that demonstrate how our systems and controls for handling data-bearing devices can be fully trusted.”
ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States. ERI is certified at the highest level by all leading environmental and data security oversight organizations to de-manufacture, recycle, and refurbish every type of electronic device in an environmentally responsible manner. It is the first and only company in its industry to achieve SOC 2 certification for security and data protection. ERI has the capacity to process more than a billion pounds of electronic waste annually at its eight certified locations, serving every zip code in the United States. ERI’s mission is to protect people, the planet and privacy. For more information about e-waste recycling and ERI, call 1-800-ERI-DIRECT or visit https://eridirect.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220707005669/en/
Contacts
Paul Williams, 310/569-0023, paul.williams@eridirect.com
