
Photo courtesy of Adobe Stock
ERI, a Fresno, California-based information technology and electronics asset disposition provider (ITAD) and cybersecurity-focused hardware destruction company, says it has completed the Service Organization Control (SOC) 2 Type II audit and received compliance certification. ERI received SOC 2 Type I certification in May 2022 and, according to a news release, is the first ITAD and electronics recycling company to attain SOC 2 certification.
SOC 2 Type II compliance certification affirms that ERI’s practices, policies, procedures, security, data integrity and operations meet the American Institute of Certified Public Accountants’ (AICPA’s) standards for security and data protection.
John Shegerian, CEO of ERI, tells Recycling Today that obtaining these certifications is a deliberate effort toward transparency and assurance for the company’s clients. “ERI is dedicated to data security–we see it as one of the essential and defining elements of effective ITAD services and responsible e-waste recycling,” Shegerian says.
“We wanted to single ourselves out and demonstrate our commitment to protecting people, privacy and the planet by operating in the most radically transparent way possible and provide absolute assurance to our partners and customers that their privacy will never be compromised when they work with us. That's why we decided to go through the rigorous audits and process required for SOC 2 Type II certification.”
SOC 2 audits are conducted to review companies’ effective implementation of employee controls and training, IT systems and risk management control, product discipline and vendor selection. SOC 2 Type II is a review of controls at a service organization over a minimum six-month period. Independent auditors carry out field work on a sample of days across the testing period to observe how employee controls are implemented and how consistently effective they are in keeping potential and existing customers’ sensitive data safe.
Shegerian tells Recycling Today that for ERI to achieve SOC 2 Type II certification, the system must meet certain security criteria preventing unauthorized access; availability for operation and use as agreed with customers; complete, accurate, well-timed and authorized processing; protection for materials classified as confidential; and privacy standards as specified by the AICPA.
“As a cybersecurity-focused organization, we have long been focused on protecting data at a military-grade level, so this was nothing new for us,” Shegerian says. “What was new was undergoing a [six-plus] month audit process to be able to demonstrate our consistency in this realm. We are very proud to be the first ITAD and e-waste recycling company to achieve this certification, which we feel demonstrates our willingness to go above and beyond all standards and protocols in our efforts to protect the privacy of all our partners and customers.”
Get curated news on YOUR industry.
Enter your email to receive our newsletters.
Latest from Recycling Today
- Steel Dynamics announces operational senior leadership transitions
- BCMRC 2025 session preview: Evolution of battery chemistries
- Emirates Aluminum picks Oklahoma for US facility site
- WM names company president
- Can Manufacturers Institute, Recycling is like Magic release aluminum can recycling contest results
- WasteExpo 2025: EPR implementation requires collaboration, harmonization
- GP to shutter containerboard mill in Georgia
- Vallourec reports slimmer profits in Q1