R2 Solutions


December 2012  

R2 Update
The latest information on the Responsible Recycling (R2) Standard 
Join Our Mailing List
Quick Links
Find an R2 recycler

Choosing an R2 certified recycler takes the guess work out of hiring a reputable electronics recycler that adheres to the highest industry standards. 
     To find a certified R2 electronics recycler, click here.

R2 practices
Become R2 certified


R2 is the leading standard for the electronics recycling industry, setting a high bar for practices that protect the environment, human health, safety and the security of the recycling process.  Show your customers that you are an industry leader.

     To become an R2 certified recycler, please contact a certification body. 

 

 

AQA International  

 

Orion Registrar, Inc. 

Orion Registrar, Inc.

 

PJR logo 

Perry Johnson Registrars, Inc.

 

 

SGS 

SGS 

 

SAI
SAI

Additional Certification Bodies may be found at ANAB.
Welcome to the R2 Update!  This newsletter contains relevant industry information and news pertaining to R2 Solutions, and more importantly the R2 Standard, the leading certification program for the electronics recycling industry.
In This Issue
R2:2013 Public Comments Closed
R2 Solutions at IERC in Europe
Misleading R2 Advertisements
R2:2013 Preview - Data Destruction Changes

 Public Comments Closed

 

The 45-day public comment period for the R2:2013 Draft Standard is closed. We would like to thank all those who read the draft standard and provided feedback. 70 comments were submitted from 28 different individuals across numerous different stakeholder groups. Comments were received on nearly all provisions with provisions five, six, and seven receiving the most feedback.   The R2 Technical Advisory Committee (TAC) is scheduled to meet by phone in January to discuss the comments and determine appropriate courses of action.

 

R2 Solutions at IERC in Europe

   

Lynn Rubinstein, Chair of R2 Solutions Board of Directors, will be representing R2 Solutions at the annual International Electronics Recycling Congress (IERC) in Salzburg, Austria. This event occurs from January 16 - 18, 2013. Ms. Rubinstein is part of a panel titled "How standards can contribute to level playing fields". More information can be found at http://www.icm.ch/12th-international-electronics-recycling-congress-ierc-2013.  

Misleading R2 Advertisements

  

R2 Solutions was recently forwarded the following posting.

 

"R2 recycler looking to BUY empty - used toner and inkjet printer cartridges.

We are a collection agent for an R2/RIOS recycler of toner and inkjet cartridges. We are looking to buy any quantity of empty - used printer cartridges. All shipments go direct to R2 recycler, which translates to best possible payment and easiest downstream auditing for other R2 facilities. Have something you would like to sell off before year end? Please call or email me, we'd appreciate the opportunity to work together and we will make it happen."

 

Any organization claiming to be a "collector for an R2 certified recycler", "in the process of R2 certification" or "compliant with the R2 Standard" are simply not R2 certified. What they lack is the oversight by an independent accredited Certification Body (CB) verifying their conformance to the R2 Standard. R2 Certified recyclers must satisfactorily complete two (2) audits to achieve certification, followed by at least one audit annually by the CB. The independence of the CB assures an objective assessment that the organization is adhering to industry best practices in the R2 Standard, thereby ensuring protection of the environment, worker safety, public safety, and data security.

 

We recommend that you verify certifications and claims before selecting a recycler. R2 Solutions provides a web page of all currently R2 certified organizations and locations at http://www.r2solutions.org/certified/electronic-recyclers-with-r2-certified-facilities/. Furthermore, you should review the actual certificate from the R2-certified recycler to ensure the facility addresses, and the scope of certification matches your needs.

R2:2013 Preview: Data Destruction Changes

 

To prepare for the coming transition to R2:2013, we are covering new requirements under consideration.  The R2:2013 Standard is currently a DRAFT.  Public comments have been received and the R2 TAC is finalizing the R2:2013 Standard. 

  

One of the many changes proposed in the draft R2:2013 standard is a strengthening of the data destruction requirements in Provision 8. Data destruction continues to leverage existing standards specific to data destruction. However, the updated Provision 8 also explicitly pulls out common requirements embedded in standards such as NIST SP 800-88, ADISA, and NAID.

 

First, 8(e) will require quality controls to ensure effectiveness of data sanitization, purging, or destruction techniques. Verification is important to ensure that the data destruction technique works within the organization. Second, 8(f) requires that an R2 certified recycler implement security controls to protect devices containing data prior to sanitization or destruction. The level of security is relative to the level of classification of data handled by the R2-certified organization.

 

Also proposed to be included in 8(g) is a specific requirement for maintaining records of data destruction. This was previously covered within the referenced data destruction standards like NIST 800-88. This new provision 8(g) clarifies any misconception about the need to maintain records to prove data destruction of media.

 

Finally, often all or parts of the data destruction processes are outsourced to other vendors. For example, cell phones may be sent to a cell phone refurbisher who maintains the expertise and equipment to adequately sanitize phones of data. Devices or drives which cannot be accessed or fall below minimum technical thresholds may be sent for shredding or smelting by a downstream vendor. These situations are common to the recycling chain and must consider the data that may still be resident on these media when sent to another vendor.

 

In order to strengthen and clarify the data destruction requirements in outsourcing, Provision 8(d) is proposed as part of the draft R2:2013 Standard. This requirement assigns responsibility to the R2 recycler to ensure data destruction by a third-party downstream vendor adheres to the requirements of R2:2013. Furthermore, it requires tracking and security controls of the media containing data during transportation to these vendors.

 

These changes to the R2 Standard in Provision 8 are not entirely new. If implemented correctly, these should have been implemented through current requirements in NIST 800-88 or other generally-accepted data security standards incorporated by provision 8(a). These are primary best practices of any organization handling media containing user data.   The recommended changes seek to strengthen and clarify data destruction requirements to ensure consistency and conformity by all R2-certified organizations.

 

We want to hear from you!  Please send along any R2 related news or information that you think would be important to share with the electronics recycling community. 

Thank you!