Understanding the ADISA Assurance Levels

There are many objectives’ vendors have when seeking certifications, one of which is to use certifications as evidence of quality of the product or service being offered. This allows users of these products or services to build confidence and trust in them.

ADISA’s Product Certification schemes operates in a hierarchy designed to evaluate the products and vendors in an increasingly more detailed way, with the objective of building a hierarchy of assurance in the products and vendors who are certified.

To allow this to be easier to digest, ADISA uses our Assurance Model which is outlined below.

ADISA’s certification schemes include:

AAL6

UK GDPR Scheme ADISA ICT Asset Recovery Standard 8.0

  • Ongoing formal independent professional assessment
  • Focus: IT Asset Disposition service
  • Frequency: One or two audits per year
  • Assessment covers all parts of the business (different use cases)
  • Recognised by relevant government authority (UK Information Commissioner’s Office)
  • Approved as a UK General Data Protection Regulation scheme
  • ADISA Certification is a recognised technical expert (attested by UK Accreditation Service)
  • Assessment conducted by an ADISA auditor
  • Results in a public certification

UK GDPR Scheme Legal Services Operational Privacy Certification Scheme (LOCS:23)

  • Ongoing formal independent professional assessment
  • Focus: Compliance with UK data protection law when processing client’s personal data
  • Expands into multiple different use cases
  • Variation of audits to test different aspects of services and processes
  • Reflects operational use of product or service
  • Recognised by relevant government authority (UK Information Commissioner’s Office)
  • Approved as a UK General Data Protection Regulation scheme
  • Assessment conducted by an ADISA auditor (recognised technical expert)
  • Results in a public certification

AAL5

Product Assurance

  • Formal independent professional assessment
  • Focus: Rigorous testing by ADISA Certification
  • Area: Data sanitisation
  • Verification of software commands to different media types and interfaces
  • Standards: IEEE 2883 (technical standards organisation) or NIST 800-88 (government authority)
  • Results in a public certification

AAL4

Product Claims Test

  • Formal independent validation of manufacturer’s claims
  • Focus: Effectiveness to sanitize data on various storage media
  • Conducted by forensic technical experts at ADISA Research Centre
  • Results in a public certification
  • Not recognised by a relevant government authority
  • Singular validation (no ongoing formal independent assessment)

ADISA ITAD Essentials Standard

  • Formal independent professional evaluation
  • Focus: Management of key risks in the core ITAD process
  • Conducted by a qualified ADISA Auditor and a forensic technical expert
  • Results in a public certification
  • Not recognised by a relevant government authority
  • Renewed annually (no ongoing formal independent assessment)

AAL3

Informal assessment carried out by an internal or external competent individual or entity. As ADISA conducts formal independent certification and testing, this is not in scope for the products that we offer.

AAL2

Available for purchase from known credible sources and accepted wide spread usage. As ADISA conducts formal independent certification and testing, this is not in scope for the products that we offer.

AAL1

Assurance Level 1: Unproven and unknown but no reports against product or service. As ADISA conducts formal independent certification and testing, this is not within the scope of the products that we offer.