ISO 27001
An ISO 27001-certified security regime for your IT disposition, under XITAD's orchestration
When you retire enterprise IT infrastructure, the real risk is not the logistics but the data still on the hardware. That is why your disposal runs under our oversight through a closed, demonstrably ISO 27001-certified security regime. The handling of your data, from intake to destruction, follows an audited process with certificates at every step. We set the requirements and verify that the process meets them.
ISO 27001 is the international standard for an information-security management system (ISMS). XITAD does not process your hardware itself but orchestrates the chain so that every step runs under this certified regime and all evidence comes together centrally in your portal.
What ISO 27001 means
ISO 27001 is the international standard for an information-security management system, an ISMS. It describes how an organization systematically identifies, controls and demonstrates risks around information. Retired hardware falls within that scope: as long as data resides on it, it remains an information-security risk that must be handled in a controlled and documented way.
A closed, audited chain
Your disposal runs from intake to destruction through one closed chain that falls under an ISO 27001-certified security regime. Every step is an audited part of the process, not a loose action. This keeps the handling of your data, from start to finish, under a recognized and verifiable process.
Certificates per step and evidence
Every step in the chain produces evidence that is recorded centrally. Certificates of destruction and the related reports come together in your XITAD portal, so the complete body of evidence sits in one environment. Your auditors find the proof per step, ready to use for your own audit and compliance file.
We set and verify the requirements
XITAD forms the independent orchestration layer above the process. Before hardware enters the chain, an in-depth compliance check applies, in which a current, independently audited ISO 27001 certification is a hard admission requirement. We set the requirements up front and verify at every step that the process actually meets them.
How your data is handled
Throughout the entire chain, confidential information is handled in a controlled way. All your uploaded data and generated reports are encrypted, both in transit and at rest, and uploads are centrally stripped of foreign metadata. Every status transition is recorded, so the handling of your information stays traceable from intake to destruction.
Destruction decoupled from the sale
Data destruction is fully separated from the eventual sale. Hardware is first made completely data-free and certified; only after that final clearance does a buyer gain access. This order is enforced in the platform, not merely promised: the status only advances once the proof is in.
Frequently asked questions
about the ISO 27001 regime
What does ISO 27001 mean for the disposal of my hardware?
ISO 27001 is the international standard for an information-security management system. Your offboarding runs under a demonstrably ISO 27001-certified security regime, so the handling of your data from intake to destruction falls under a recognized and audited process.
Does hardware disposal fall under ISO 27001?
Yes. As long as data resides on a device, disposal is an information-security risk that falls under the standard and must be handled in a controlled way through a documented process.
Which certificates and evidence do I receive?
Per project we collect the certificates of destruction and the related reports and status history. Everything comes together centrally in your XITAD portal, so the complete body of evidence per step sits in one environment, ready to use for your audit and compliance file.
How does this fit my ISMS?
We consolidate all certificates of destruction and evidence centrally in your XITAD portal, ready to use as a control within your own ISMS. This way the disposal provides demonstrable fulfilment of your information-security obligations.
The certainty of a certified ITAD process.
Tie your hardware disposal risk-free to the strictest international standards through an audited, demonstrably ISO 27001-certified process.