Learning Center

Posted by

Developing New Solutions to Make the Security Industry More Secure

In 2005, VeriSign, Inc., a leader in domain names and internet security, became dissatisfied with industry standards. The company was particularly unhappy with how they were handling their end-of-life computer equipment in terms of Data Security, Indemnification and Documentation. CRUSA was contacted by a Director at Verisign, who said point blank: “The industry’s best companies do not give us the documentation we need to produce in an audit or defend ourselves if we needed to. They also do not address my security needs sufficiently. I need a better way.”

We accepted the challenge to improve data security and develop a fully documented, compliant process to handle IT Asset Disposition at Verisign.

Developing New Solutions to Make the Security Industry More Secure

At the time, the industry was focused on erasing hard drives, but overlooked embedded media. In terms of data security, this meant it overlooked the most key element of hacking: eliminating any and all access to the network. Vendors weren’t erasing IP addresses and passwords from electronic equipment such as switches, dial home cards, smart UPSs, etc. Because of this, CRUSA built a “datafinder” manual, which identifies embedded media in all computer devices and how to eliminate the data. This was an industry first, enabling us to guarantee all of our clients that all data would be erased since no embedded media could pass through our process undetected.

The indemnification offered by most vendors in our industry was traditional Errors, Omissions and Pollution coverage. Because of the far-reaching implications of a data breach, this type of insurance wasn’t sufficient to indemnify a company like Verisign. We worked with them to get them special Cyber liability coverage with Lloyds of London, which offers a broader scope of protection. This ensured that Verisign had all of the coverage it needed in terms of data security and cyber liability.

Lastly, the environmental aspects of recycling electronics made having a true chain of custody imperative. If Verisign ever needed to go to court to defend itself from a computer winding up where it shouldn’t be, its current recycling process and accompanying documentation was insufficient. Our team collaborated with attorneys for a full year in order to understand what a business like Verisign would need to defend itself if a recycled computer wound up as the cause of environmental litigation. This led to CRUSA developing the industry’s first chain of custody that mirrors the documentation needed to support an environmental claim.

By listening to our client and examining the gaps it encountered throughout the security industry, CRUSA was able to pioneer and execute several innovative programs. In addition to helping Verisign, we’ve continued to work with other clients to manage risk and become more compliant when processing end-of-life computer equipment.

© Copyright 2015 CRUSA Computer Recycling USA. All rights reserved.   |   Corporate Office: 425 Fortune Blvd. Milford , MA 01757   |   [email protected]