When we’re being evaluated to provide data security and asset disposition services the most common variations of the questions companies ask us are:
What drive erasure specifications do you support?
- Are you able to erase data from the following devices…. ?
- Can you erase data on site?
- What security measures do you have at your facility?
- Do you have any certifications like R2, NAID, or E-Stewards?
- What type of logistics capabilities do you have?
- What happens to equipment that cannot be resold?
- How much insurance do you carry?
- How do you maximize the resale value of my equipment?
The validity of the questions above is not to be underestimated but it always seemed interesting to me that the companies focus the majority of their attention on tasks and events that happen prior to something going wrong and very little on what they would actually do if something did go wrong. Yet we’re all human and mistakes happen all the time so wouldn’t it make sense to actually think through what happens in the event of a data breach? With that in mind I’d like to suggest another set of questions to add to your evaluation list:
- What happens if something goes wrong?
- How do you protect me and my company?
- How to you measure the quality of your process and communicate it back to the client?
- Can you help us make our internal processes better so that working together we can create a more secure environment for my company?
I’ll elaborate on these in subsequent blogs.