Passing a Data Security Audit on the First Try

An inside look at what it takes to pass an audit in a highly regulated industry

As one of the largest retail banks in the United States, our client Bank C* considers information security paramount. In order to protect its clients’ information, the bank adheres to strict compliance regulations. Bank C’s Data Center Management team, which handles data erasure and hardware recycling onsite, goes through a rigorous yearly internal audit. As you may imagine, the scrutiny that a large bank undergoes for quality assurance and risk management is very high. Therefore, the amount of documentation required to maintain day-to-day functions, including chain of custody information and data security, is vast.

Tom K. joined the Data Center Management team at Bank C in 2013 as a Business Analyst. He collaborated with the team at CRUSA to design and implement an internal IT asset disposal process and acted as our primary contact. Over the course of the next two years, he oversaw the decommissioning of over 700 data center devices and the erasure and/or destruction of over 15,000 hard drives. “We have a way to track everything that goes out the door and certificates verifying that items were destroyed,” explains Tom. “If we ever needed to tweak anything, the team at CRUSA would have it fixed or updated within 24 hours. They went above and beyond on everything.”

In the spring of 2015, Tom’s team was required to undergo an internal audit of its data center groups. The initial request was to review a list of devices retired within the previous eight months. Tom’s first step was to send a tracking document to the internal audit team, which compared it with the policies and procedures CRUSA had developed for Tom to verify the process was followed to the letter. In addition, the auditors did spot checks. Because the process was so well-documented, it was easy to prove exactly how the IT asset disposal process was accomplished.

Tom’s next step was to put chain of custody documentation together in order to prove that once CRUSA took control of the materials, everything was accounted for. Since CRUSA is often hired to develop and implement compliance processes and provide documentation and reporting for how data is erased or destroyed during the IT equipment recycling process, our team plays a critical role in the auditing of our clients’ businesses. “We provide the best set of documentation in the industry, which our clients use to pass an audit or to defend themselves if needed,” says CRUSA CEO Brian Lovett.

Once everything was verified, the bank’s internal audit team came onsite to watch the removal process in action and make sure everything was working the way it should. The CRUSA team arrived early, did a full walk-through of the process from inventory to destruction, and answered the auditor’s questions to her satisfaction. Tom and the rest of the Data Center Management team were thrilled to find out they had passed the audit from end to end with zero issues, rehashes or recalls on documentation. If they hadn’t passed the audit, they would have needed to extend the process and it would have been a huge ordeal.

“CRUSA helped our department to become the first group at Bank C to complete and pass all phases of an audit on the first go-round,” says Tom. “They’re the best group of people I’ve ever worked with, personally or professionally.”

Passing an audit is an essential part of running a business; choosing the right partner for data security is equally important. To learn more about how our audit-ready documentation process can help you pass your next audit, contact us at [email protected] or call us at 877-729-2783.

*In order to protect the privacy of our client, we have changed the name of the bank mentioned in this article.

© Copyright 2015 CRUSA Computer Recycling USA. All rights reserved. | Corporate Office: 425 Fortune Blvd. Milford, MA 01757 | [email protected]