FAQ r2v3 standard

The R2 Standard provides a common set of criteria to recognize responsible reuse and recycling practices, all along the used portion of the electronics lifecycle. R2 Certification is the formal program for evaluating and monitoring businesses in meeting the R2 Standard, protecting of the environment, the health and safety of workers, and communities, and positively impacting the movement toward a sustainable circular economy while, enriching the lives of people all around the world.

The R2 facility must be a commercial place of business such as industrial unit in a complex, free-standing commercial building, retail store location, office environment. All of the R2 requirements are applicable based on the R2 facility address. If you move from one location to another the R2 certification does not travel with you to your new location but rather a transfer audit assessment must be performed by the Certified Body (Registrar) to ensure that there is no change in the processes at your new location.

For example:

ABC Cellphones is located within an industrial complex, business is good and ABC Cellphones is growing and now have outgrown their existing location and decide to move to a larger facility. After the completion of the move - ABC Cellphones must notify their Certification Body(CB) of their move and then the CB will perform a “transfer audit” at ABC Cellphone new location to verify that there is no change in the processes from one facility address to the other. Subsequently a new R2 Certificate will be generated reflecting the current address of ABC Cellphones.

ISO 14001 - Environmental Management System and ISO 45001 Health & Safety Management System are perquisites for achieving certification to R2v3.

Additionally based on R2 facility processes the need for ISO 9001 Quality Management System is also applicable.

As part of the R2v3 Standard all data bearing assets are required to be data-wiped or data sanitized. The term “logical” data sanitization refers to the method of software being used to perform the data sanitization process.

Examples of Logical Data Sanitization include:

Hard Drive(s) can be data wiped using the following list of software:

Blanco, Killdisk, WipeOS, Bitraser among many others.

Mobile Devices (Cellphones, Tablets, wearables, etc.) can be data wiped either using software or factory reset method.

Software such as Phonecheck, Project Fone D, WipeOS can be used to wipe the data from mobile devices. Alternatively you can use the internal software (iOS or Android) to perform a factory reset on the device.

Both methods are acceptable under the NIST 800-88 requirements.

Physical Data Sanitization involves the use of equipment such as Shredders, Crushers, Degaussing equipment in which assets are placed and are physically destroyed.

Hard Drive Shredders must ensure they offer cross-cut process and that the remaining hard drives pieces are not greater than 4 mm in size.

For a list of NSA Approved Physical Data Sanitization equipment.

As part of the R2v3 Standard requirements there is accompanying document called the REC - R2 Equipment Categorization.

All assets received by the R2 facility must be evaluated based on the R2 REC requirements. The REC document is comprised of two main evaluation criteria: (1) Cosmetic and (2) Functional Requirements.

After testing has been performed all assets must be evaluated both on cosmetic and functional requirements which will ultimately determine it’s final asset grade.

For example: iPhone 12 Pro with damaged lcd screen.

After testing the iPhone 12 Pro all functions are fully working however cosmetically the phone has a damaged screen which is harmful to the end user and impairs its overall function as a phone. Additionally the LCD screen when replaced will attain the highest resale value.

Prior to replacing the LCD screen the iPhone 12 Pro would be graded C or D and after LCD replacement it’s grade would be A or B.

Short answer - No.

There is one exception: If the external vendor is certified as R2v3 then it is permissible to outsource the asset testing and refurbishment process.

Short answer - No.

There is 1 exception: If the vendor where the asset(s) has been purchased from is R2v3 Certified facility then the asset(s) may be returned to the vendor under a RMA process.

If the vendor is not R2v3 certified - IT IS NOT PERMISSIBLE TO RETURN ANY FAILED OR “DOA” ASSETS BACK TO THE VENDOR.

Under the requirements of R2v3 Standard there are three potential outcomes for failed parts or assets as follows:

1. Repair or refurbish for resale using either new or existing parts.

2. Part Harvesting - extract all good working parts from the asset(s) and place into a parts inventory for future use. The remaining components ie. plastics, metal, circuit boards as applicable would be recycled via downstream vendor management.

3. Recycle the parts or asset(s) since the economic value of repair > than the cost of refurbishment and/or marketplace price.

In this context, "software" primarily refers to applications that automate the logical sanitization process and create a record of the sanitization. This means the software should:

Control and direct the entire sanitization process.

Overwrite all user-addressable storage space on the device with non-sensitive data.

Generate a detailed record of the sanitization process, including:

Date and time of sanitization

Unique identifier of the device

Type of sanitization method used

Verification results

No, not always.

While manufacturer resets can erase data, they may not be sufficient to make data irrecoverable by commercial software. Therefore, they cannot be the primary method of logical sanitization. However, if no dedicated sanitization software exists for a specific device, the manufacturer's reset process can be considered "software" if:

The reset process is documented and controlled by an application.

The application records the results of the reset process in a detailed manner.

The application can be demonstrated to fulfill the data sanitization software requirements in Appendix B(11) and the records requirements in Appendix B(10).

In this case, manual sanitization following the manufacturer's instructions is still acceptable. However, you need to:

Have a documented and controlled process for manual sanitization.

Use a tool that can verify the effectiveness of the sanitization process.

Record the results of the sanitization process in detail, including:

Date and time of sanitization

Unique identifier of the device

Type of sanitization method used

Verification results

Appendix B requires software-based data sanitization for commercial facilities to ensure:

Rigor: Software can ensure a consistent and complete sanitization process compared to manual methods.

Transparency: Software keeps detailed records of the sanitization process, promoting transparency and accountability.

Confidence: Software-based sanitization provides reliable evidence that data has been properly overwritten, promoting confidence in the reuse process.

Yes, users can choose to manually sanitize their own devices, as it is their individual choice and risk. However, this approach lacks the rigor and accountability required for commercially reusing devices.

When a device is not encrypted, simply resetting it does not actually erase the data. Instead, the data remains hidden and can be recovered using commercial software. This exposes users to significant data privacy risks.

When a device is encrypted, resetting it destroys the encryption key along with the data itself. This effectively renders the data permanently unreadable, even with specialized software, ensuring a higher level of data security compared to unencrypted devices.

Unfortunately, encryption may not be mandatory on all devices or may be user-configurable. If a user disables encryption, any data stored on the device from that point forward becomes vulnerable and cannot be protected by a subsequent reset.

To ensure your data is securely sanitized, consider the following:

Use devices with full-disk encryption enabled by default.

Avoid disabling encryption on your devices.

Seek professional data sanitization services for sensitive data, especially when dealing with multiple or diverse device models.

Choose data sanitization services that follow the R2v3 Standard, which emphasizes encryption and software-based sanitization for commercial facilities.

Perform additional data wiping procedures before physically disposing of any device.

By taking these precautions, you can significantly reduce the risk of data exposure and ensure your personal information remains secure.

The R2v3 Standard effectively sets the level of logical data sanitization between Clear and Purge as described in NIST SP 800-88 Rev. 1 Section 2.5.

Clear: This method applies to devices where all addressable storage locations can be overwritten. While manufacturer resets may be the only option for some proprietary devices, visual inspection alone is insufficient to verify data erasure as required by Appendix B(13).

Purge: This method renders data recovery infeasible even with state-of-the-art laboratory techniques. R2v3 does not require this level of security, focusing on preventing data recovery using readily available commercial software.

Appendix B(13) goes beyond simply verifying that a record of sanitization exists. It requires actively attempting to recover data from the device using commercially available software. This approach ensures that the sanitization process has successfully rendered the data inaccessible through readily available means.

If a device is physically inaccessible to commercial software due to a lack of functional I/O ports or remote access, then data recovery using such software becomes impossible by design. In such cases, retrieving data would require specialized forensic analysis, exceeding the requirements of Appendix B(13).

No, some common methods like formatting a hard drive or factory resetting an unencrypted device do not guarantee complete data erasure. While they may appear to remove data when visually inspected, commercial data recovery software can often recover sensitive information like pictures, contacts, and messages.

There are several reasons why some data sanitization methods are unreliable:

Incomplete data overwrite: Some methods only overwrite specific areas of the storage media, leaving other areas untouched and potentially recoverable.

Data remanence: Even with overwriting, remnants of the original data may remain on the storage media due to magnetic fields or other physical phenomena.

Hidden data partitions: Some devices may have hidden data partitions that are not affected by standard formatting or reset procedures.

Encryption limitations: While encryption significantly enhances data security, it may not be enabled by default on all devices or may be user-configurable, leaving some data vulnerable.

To maximize data security and prevent recovery, consider the following:

Use devices with full-disk encryption enabled by default.

Avoid disabling encryption on your devices.

Choose data sanitization software that conforms to recognized standards like the R2v3 Standard, which emphasizes software-based sanitization and verification.

Utilize data wiping tools before physically disposing of any device.

Seek professional data sanitization services for sensitive data, especially when dealing with multiple or diverse device models.