The R2 standard and certification program, which so many rely on as an assurance of responsible ITAD services, is getting a makeover – making it the strongest, most reliable means of assuring industry best practices are being implemented by an ITAD service provider. R2:2013, as the new program is being called, increases the oversight and other quality assurance mechanisms that are so critical to a voluntary certification program.
“Since its inception, R2 has stood for responsible recycling,” states Mike Watson, who until recently was director of compliance for Dell takeback and now is CEO of Zloop Computer and Electronics Recycling Centers. “With the implementation of the R2:2013 program, R2 will be even stronger and more responsive to the quality assurance needs of folks procuring ITAD services.”
The R2 standard originally was developed by a multi-stakeholder group convened by the United States Environmental Protection Agency. It is a voluntary standard covering environmental, health, safety, and data destruction for the electronics recycling industry. With the mission of “reuse, recycle,” the demand for R2 certification is strong. Following the lead of the U.S. government, many other government and corporate entities have identified it as a criterion for all ITAD solicitations. The International Association of IT Asset Managers, Inc. (“IAITAM”) includes R2 as part of ITAD vendor due diligence in their training programs.
Service providers have responded. Providers such as Arrow Global Asset Disposition (which includes Techturn, Intechra, and Redemtech, and others), Electronic Recyclers International (ERI), Sims Recycling Solutions, Waste Management, and HiTech Assets have all been certified to the R2 standard. Their reasons for becoming R2 certified are two-fold:
- The certification process improves internal management systems and processes
- With the demand for techniques to identify the best vendors, R2 provides a significant market advantage over uncertified competitors
Currently, over 375 electronics recycling facilities have been certified to the R2 standard and the number continues to grow. While most of these facilities are in the United States, the R2 standard is global in applicability and there are currently facilities certified in: Australia, Canada, China, Costa Rica, England, Germany, Hong Kong, India, Ireland, Malaysia, Mexico, New Zealand, Singapore, South Africa
The R2 standard consists of 13 provisions which are the basis for dozens of requirements for ITAD providers. The overall goal of the standard is to help ITAD companies optimize their environmental, health, safety and data security systems and, by certifying to these requirements, assure their clients that they are fully addressing matters that might otherwise result in brand risk and legal/financial liability.
The Development Process
A multi-stakeholder group, the R2 Technical Advisory Committee (TAC), is responsible for the ongoing content of the R2 standard and provides the opportunity for input and due process to all interested parties. Review of the original R2 standard (known as R2:2008) has led to the development of revisions where topics needed to be strengthened or clarified. The TAC solicited and received numerous public comments at two points in their deliberations, first on the areas of R2:2008 that should be considered for revision and later on proposed changes to address these areas. This open and transparent process assured that the standard was revised in a manner that is thorough; giving full consideration to all potential changes and resulting in the strongest, most thought-out approaches to each issue.
The TAC’s membership has included organizations that care deeply about the environment, the workers’ and public health, and data security – and that demand R2:2013 reflect these values: Dell, Best Buy, Microsoft, UPS, the Federal government’s General Services Administration (GSA), and numerous others including top ITAD companies that want R2 to stand as the differentiator in the industry.
R2:2013 raises the bar of requirements substantially. Many of the TAC’s significant revisions provide even greater assurances that an R2-certified ITAD service provider is a highly responsible recycler and that retired IT equipment is managed to the customer’s high expectations.
Perhaps the most significant change is to Provision 1 of the standard which sets forth the requirements for an ITAD company’s environmental, health and safety management system (EHSMS). In R2:2008, an ITAD company could develop its own EHSMS in accordance with requirements set forth in the R2 standard itself. These requirements were comprehensive but general in nature.
In the revisions to R2:2013, the approach is changed, requiring that the EHSMS be certified to ISO 14001 and OSHAS 18001, or RIOS™ (the Recycling Industry Operating Standard™, which has environmental, worker health and safety, and quality elements), in order to satisfy this requirement. This requirement will substantially increase the rigor and integrity of the underlying EHSMS, thereby strengthening the entire R2 program at every certified ITAD company.
R2:2013 Export Requirements
R2:2013 includes changes to the all-important exporting requirements in Provision 3 which broaden and strengthen these requirements, adding further assurance that ITAD equipment will not end up overseas in a landfill or on an open-burn pile. The revisions call for all export and import laws to be identified and strictly followed, including those of any transit countries a shipment passes through. This requirement includes the laws of all countries, not just “non-OECD” countries. (OECD stands for the Organization for Economic Cooperation and Development.)
R2:2013 Focus Materials
Working in conjunction with the exporting requirements are the downstream due diligence requirements of Provision 5. These points are clarified and further tightened in R2:2013. All “Focus Material” (parts and materials in IT equipment that may pose a hazard to human health or the environment if not properly managed) must be tracked through each downstream vendor until the stage is reached where they are sold for reuse as a commodity grade material (e.g. after smelting) or as a fully functioning piece of equipment. Each downstream vendor in the “recycling chain” must manage the Focus Materials (FMs) according to the highest standards in the industry and, of course, in accordance with all applicable laws. Of course, dropping such devices into a landfill is prohibited as a management option.
R2:2013 Data Destruction
The requirements in Provision 8 regarding data destruction have been substantially strengthened. All data has to be destroyed following the procedures set forth in established data destruction standards (e.g. NAID, ADISA), and these procedures need to be audited. Employees involved in data destruction must have special credentials and training, while the process needs to be overseen by an independent party. Furthermore, until data destruction occurs, all data-containing media devices must be kept totally secure and tracked throughout transport and storage. R2:2013 calls for the absolute best management practices in the area of data destruction.
“The downstream due diligence requirements really get to the heart of what R2 is all about, along with the data destruction requirements,” states Rike Sandlin, R2 Technical Advisory Committee Co-Chair, and Senior Vice President & COO of HiTech Assets which has R2-certified facilities in Oklahoma City and Memphis. “To minimize the risks of brand damage and legal noncompliance, you need to have complete confidence that your IT equipment is managed securely and responsibly throughout the refurbishment and recycling chain.”
All in all, in terms of the substantive requirements of R2:2013, people in charge of ITAD procurement will be able to rest assured that R2-certified vendors are managing retired IT equipment in the best manner possible – and that their downstream vendors are as well, all the way to the equipment’s final disposition.
R2 Program Growth
In addition to the TAC, the R2 program includes R2 Solutions. R2 Solutions “houses” the R2 standard and helps oversee the overall implementation of the R2 program. However, it does not conduct the actual audits and it does not issue the R2 certifications. Audits and certifications are performed by six accredited Certification Bodies or “CBs”. This bifurcated structure is the norm for voluntary industry standards such as R2 and ISO 14001.
With R2:2013, auditor training, oversight, and other factors affecting the overall credibility and integrity of the R2 program are strengthened. Along with the R2:2013 standard, R2 Solutions is publishing the 2013 R2 Code of Practices. The R2 Code of Practices sets forth in detail the quality assurance and other requirements that the certification bodies and their auditors must meet to be approved by R2 Solutions.
From the ITAM Perspective
Without proper procurement selection criteria, the organization is at risk for an extremely uncomfortable and potentially nasty legal position regarding disposed devices. Imagine, at some point in the future, when some media outlet runs an expose showing the corporation’s retired computers in a partially-burning landfill, or is able to access supposedly “private” data from improperly discarded equipment.
Increasingly, corporations are recognizing the very real and significant risk to their brand and the potential legal and financial liability associated with improper management of retired IT assets. Like it or not, the selection of an ITAD service provider can have an impact on a company’s overall wellbeing.
“Far and away the best way to address a brand-damaging situation is to avoid it in the first place,” says Bryant Hilton who previously managed corporate responsibility communications for a Fortune 50 company. “Proactively managing for proper retirement of IT assets is essential for avoiding potential legal, brand and PR crises for any organization.”
Awareness is rising. In solicitations for ITAD services, many companies have begun to require that vendors be certified to a third-party audited, generally-accepted certification such as R2. Such language is straightforward to write into a Request for Proposal. For companies in long-term arrangements with ITAD partners, consider requesting that they become certified if they are not already. One never knows what the process of getting certified will uncover that may be posing an unwanted risk unbeknownst to either partner.
IT Asset Managers responsible for final disposition processes for electronics are aware of the issues surrounding disposal and recycling. The international Basel Convention on the Control of Transboundary Movements of Hazardous Wastes and their Disposal has been driving attention to the global issues since ratified in 1989. ITAM professionals are also striving to eliminate risks to data and device security. As described earlier, the R2:2013 has the substantive requirements and programmatic safeguards to make it the strongest ITAD certification program available. ITAD service providers that are certified to R2:2013 will be some of the most rigorously audited companies in the world.
Moreover, for multinational companies, R2:2013 is the logical choice because of the requirements regarding transboundary shipments of retired IT assets. All import and export laws must be complied with and all downstream vendors of an R2-certified ITAD service provider must meet rigorous R2 qualifications that assure proper management of retired IT assets through to final disposition. But beyond this restriction, there are no outright prohibitions that go beyond the relevant countries’ legal requirements. This can be critical to companies with a presence in countries that do not have the requisite infrastructure in place to properly manage certain retired IT assets.
When R2:2013 is Implemented
R2:2013 is anticipated to go into effect on July 1, 2013 – in only a few months. There will be a transition period of a number of months during which certified companies are expected to conform to the new requirements. During this interim period, ITAD procurement folks may want to look specifically for R2:2013-certified companies, as there will still be R2:2008-certified companies that are meeting the rigorous but somewhat less demanding older set of requirements.
To avoid confusion regarding which version of the R2 standard applies to an ITAD vendor’s certification, R2 Solutions is providing a new logo for R2:2013. The original green-leaf logo will continue to represent R2:2008 while a new green-circle logo – which specifically includes the term “2013” – will represent R2:2013.
The Impact of R2:2013
R2:2013 offers an increased level of assurance regarding the conduct of ITAD vendors towards the health and safety of their employees as well as the business practices offered. These certified ITAD vendors are going to be highly responsible in their management of retired IT assets. Organizations increasingly demand ITAD services that minimize the risks of mismanagement, adverse environmental consequences and brand damage. R2:2013-certified vendors will be the sort of prudent and proactive service providers that organizations are seeking for ITAD services.
“Take advantage of R2:2013 – use it in your ITAD procurement decisions,” states John Lingelbach, Executive Director of R2 Solutions, the housing body for the R2 standard. “It will give you the assurance you need that your ITAD vendor is managing your company’s retired IT assets to the highest of standards.”