ERI first ITAD, e-scrap company to attain SOC 2 Type I and II certifications

ERI, a Fresno, California-based information technology and electronics asset disposition provider (ITAD) and cybersecurity-focused hardware destruction company, says it has completed the Service Organization Control (SOC) 2 Type II audit and received compliance certification. ERI received SOC 2 Type I certification in May 2022 and, according to a news release, is the first ITAD and electronics recycling company to attain SOC 2 certification.   

SOC 2 Type II compliance certification affirms that ERI’s practices, policies, procedures, security, data integrity and operations meet the American Institute of Certified Public Accountants’ (AICPA’s) standards for security and data protection. 

RELATED: ERI receives Verizon’s Supplier Sustainability Award

John Shegerian, CEO of ERI, tells Recycling Today that obtaining these certifications is a deliberate effort toward transparency and assurance for the company’s clients. “ERI is dedicated to data security–we see it as one of the essential and defining elements of effective ITAD services and responsible e-waste recycling,” Shegerian says. 

“We wanted to single ourselves out and demonstrate our commitment to protecting people, privacy and the planet by operating in the most radically transparent way possible and provide absolute assurance to our partners and customers that their privacy will never be compromised when they work with us. That's why we decided to go through the rigorous audits and process required for SOC 2 Type II certification.”  

SOC 2 audits are conducted to review companies’ effective implementation of employee controls and training, IT systems and risk management control, product discipline and vendor selection. SOC 2 Type II is a review of controls at a service organization over a minimum six-month period. Independent auditors carry out field work on a sample of days across the testing period to observe how employee controls are implemented and how consistently effective they are in keeping potential and existing customers’ sensitive data safe.  

Shegerian tells Recycling Today that for ERI to achieve SOC 2 Type II certification, the system must meet certain security criteria preventing unauthorized access; availability for operation and use as agreed with customers; complete, accurate, well-timed and authorized processing; protection for materials classified as confidential; and privacy standards as specified by the AICPA.  

“As a cybersecurity-focused organization, we have long been focused on protecting data at a military-grade level, so this was nothing new for us,” Shegerian says. “What was new was undergoing a [six-plus] month audit process to be able to demonstrate our consistency in this realm. We are very proud to be the first ITAD and e-waste recycling company to achieve this certification, which we feel demonstrates our willingness to go above and beyond all standards and protocols in our efforts to protect the privacy of all our partners and customers.”