ICT Asset Recovery Standard 8.0
As the UK’s definitive certification for data sanitisation in IT asset disposal, the ADISA ICT Asset Recovery Standard 8.0 is an ICO-approved, UKAS-accredited UK GDPR certification scheme.

- Demonstrate GDPR compliance with a certification approved by the ICO and accredited by UKAS.
- Dual approval ensures credibility and reliability.
- Meets stringent data protection requirements for secure data removal from IT hardware before disposal or reuse.
What is ADISA ICT Asset Recovery Standard 8.0?
ICT Asset Recovery Standard 8.0 is a certification recognised by the UK Information Commissioner’s Office (ICO) under Article 42 of the UK GDPR. It validates that IT Asset Disposition (ITAD) providers meet high data-protection standards. This certification assures regulators and clients that a company’s data sanitisation processes comply with UK GDPR requirements, offering robust and legally defensible IT asset disposal compliance.
In essence, being certified to this standard not only ensures compliance but also enhances service quality, reduces risk, and helps companies stand out in the market.
What does UKAS-accredited and ICO-approved mean?
ICT Asset Recovery Standard 8.0 is specifically tailored to UK GDPR and formally approved by the ICO as an official UK GDPR certification scheme. ADISA Certification – the scheme owner – is UKAS-accredited to audit this standard. In effect, any ITAD provider certified under ICT Asset Recovery Standard 8.0 has undergone an independent audit process that aligns with the UK GDPR’s accountability requirements. Certified companies can document “sufficient guarantees” of security to their data-controller clients, showing that data protection has been built into every step of the asset disposal process.
Who is the ADISA ICT Asset Recovery Standard 8.0 applicable to?
ICT Asset Recovery Standard 8.0 is a certification for processors or sub-processors in the IT Asset Disposition (ITAD) sector, ensuring they meet stringent GDPR data sanitisation standards. This certification, recognised by the ICO, helps ITAD providers demonstrate compliance to clients in regulated sectors like finance, healthcare, and government, streamlining due diligence and audits. It enforces structured risk management through the ADISA DIAL framework, aligning service levels with data sensitivity and risk appetite, and positions certified firms as reliable, legally compliant partners in data protection.
I’d like to monitor an ITAD
ICT Asset Recovery Standard 8.0-certified members undergo regular audits to maintain their certified status; any issues can impact their certification. These audit reports are accessible to end users via the Monitor an ITAD service.
Frequently asked questions
What is an ICO-approved certification?
A scheme approved by the Information Commissioner’s Office as meeting the criteria for UK GDPR privacy certification.
What is a DIAL rating?
A DIAL rating (Data Impact Assurance Level) is a core element of the ADISA ICT Asset Recovery Standard 8.0 that allows data controllers to define the sensitivity, volume, and risk profile of the data being processed during IT asset disposal. It is a risk-based classification system that determines the level of controls an ITAD provider must implement to protect that data. By assigning a DIAL rating to each project, organisations ensure that the data sanitisation methods, physical security measures, and handling procedures used by the ITAD are proportionate to the risk — enabling tailored, auditable compliance aligned with UK GDPR Article 32.