Docstoc

partners

Document Sample
partners Powered By Docstoc
					                                              TAMS Maturity Profile & Self Assessment
                                                By Consultant or Self Assessment
                                                           Instructions
Worksheets

This electronic scoring metric includes ten tabs covering each category. You will need to work your way throug
tab, entering a percentage score in 10% increments for all criteria. Scores are tabulated and summarized at
the top of this spreadsheet. Additional instructions appear within each tab to assist you with scoring the
respective category.

All input cells are highlighted in:                   0%

For the purposes of this Self Assessment Reference is allotted to "THEY" throughout this document that deno
Technology Asset Disposition Organizations or "ITAD" for the shortened version.
NOTE: All criteria or questions will include comments for 0% and 100% scores to help you understand
how to score the question.

Move your cursor over the cell with a red triangle.

Scoring

Each of the questions are assigned a percentage weight within its section and can be answered using a 0-4 s

Percentage Weight - Within the given section, indicate the percentage weighting the specific question or crite
Percentage weights for a given section must add up to 100% to ensure accurate scoring.
If your weights do not add up to 100%, you will receive a warning message highlighted in yellow at the top of t

Drop-Down Scoring - Use the drop-down boxes provided to answer each question on the following scale:


                                      Score                          Actual Results

            Best in Class                     4                      Outstanding performance by provider, w
                                                                     internal and external evidence to suppor
                                                                     full compliance with your policies and ex

            Excellent                         3                      Performance is are very solid in most are
                                                                     are followed and documented. Minor ga
                                                                     in their implementation or documentation


            Average                           2                      The provider has processes and procedu
                                                                     the area or issue in question, but does n
                                                                     to support the claims or proof of perform
Below Average    1                        Standardized processes or policies do n
                                          this area. Proof of compliance or implem
                                          notably deficient. Issues previously raise


Poor             0                        You cannot answer the question due to l
                                          by the provider.



Zero Base       0% No improvements are planned for the
                   organization, organization reacts to each
                   and every change imposed upon it.
& Self Assessment
 lf Assessment
ons


 ll need to work your way through each
 abulated and summarized at
 sist you with scoring the




ughout this document that denotation shall be alluding to Information

 to help you understand




can be answered using a 0-4 scale.

 ng the specific question or criterion should possess.

hlighted in yellow at the top of that section.

 stion on the following scale:




ng performance by provider, with both
nd external evidence to support results, and
 ance with your policies and expectations.

nce is are very solid in most areas and processes
ed and documented. Minor gaps may exist
plementation or documentation of these processes.


der has processes and procedures to support
or issue in question, but does not have full documentation
  the claims or proof of performance in implementing them.
zed processes or policies do not exist at the provider in
 Proof of compliance or implementation is absent or
eficient. Issues previously raised have not been addressed.


ot answer the question due to lack of information or support




                         No measurements in place to track any
                         improvements.
TAMS Self Assessment.Maturity Profile Evaluation

Chain-of-Custody
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                                 Weight
 Number
                                                                                            100%
      1.1 Is there one single Point of Contact (Chain-of-Custody Agent) for
          their entire processes representing both you and their organization
          and/or partners?
                                                                                              20%
     1.2
           Does your ITAD provider have a Chain of Custody Agent and
           Function to oversee all asset movements, storage, sales, recycling,
           etc.? Is this person completely accountable / responsible for specific
           sign-off, asset movement, tracking, reporting, logistics, storage and
           audits of the partners or subsidaries?
                                                                                               15%
     1.3 Have they told you how often (monthly, quarterly, annually) this
         Chain-of-Custody individual audits their operations and those of the
         partners?
                                                                                               15%
     1.4 Have they shared their Escalation process with you when problems
         are identified internally or with a partner?
                                                                                              20%
     1.5
           Do their Chain-of-Custody Agents conduct "partner" audits in a
           NAID or DOD format? Are all of their audits completed according to
           generally accepted auditing methods (using standard templates)?
                                                                                               10%
     1.6 The confidential data issues, coupled with environmental risks, make
         the chain of custody for retired assets one of the most important
         aspects of the reverse logistics process. It is critical that reverse
         logistics organizations be able to provide serial number capture for
         each asset at the time of pick-up. This ensures that assets that may be
         stolen or lost in transit can be accurately identified in order to
         indemnify clients from the potential liability associated with the
         improper disposal of these stolen or lost assets. Does your provider
         mandate the use of serial number capture either at pick-up or upon
         secured receiving at their facility?

                                                                                               10%
     1.7 How does the Chain-of-Custody Agent maintain contact with their
         downstream partners and EPA/DEP officials i.e. (on-sit visits, email,
         phone, etc)?
                                                                                               10%
     1.8 Does your ITAD provider have the capability to perform hard drive
         encryption prior to pickup and transport?
                                                                               10%
1.9
      How Senior is the Chain of Custody person n their organization or
      who do they report to? If an ITAD partner problems arisse is this
      person able to rectify the noted issue on behalf of the client or does
      s/he lack clout to stop business?
                                                                               10%
appropriate grey boxes.

                                          Response

                                                                             Totals




             0 - Don't Know or Has Not Been Provided                              0.00




             4 - Processes / documentation are fully compliant w/ policies        0.60



             4 - Processes / documentation are fully compliant w/ policies        0.60


             0 - Don't Know or Has Not Been Provided                              0.00




             0 - Don't Know or Has Not Been Provided                              0.00




             0 - Don't Know or Has Not Been Provided                              0.00



             0 - Don't Know or Has Not Been Provided                              0.00
0 - Don't Know or Has Not Been Provided   0.00




0 - Don't Know or Has Not Been Provided   0.00
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
TAMS Self Assessment.Maturity Profile Evaluation

Data Security
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                                    Weight
 Number
                                                                                               100%
     2.1 Does your ITAD provider comply with the following Acts: HIPPA,
         FACTA, FERPA, FISMA, Bank Secrecy Act (BSA), Patriot Act,
         IdentityTheft and Assumption Deterrence Act, U.S. Safe Harbor
         Provisions, FDA Security Regulations (21 C.F.R. Part 11), PCI Data
         Security Standards? How do you know? Is your provider or their
         partners National Association for Information Destruction (NAID)
         Certified?
                                                                                                 20%
     2.2
           Has your provider asked for your policies and procedures or provided
           alternate methods they use to destroy data on a hard drive i.e. (are you
           advising them OR are they advising/counselling you)? How "robust" is
           their formal Statement of Work and does it provide for compliance to
           your guidelines and EPA? Are you ensuring their compliance with
           scorecards or surveys?
                                                                                                 20%
     2.3
           Is the software they use to erase data from hard drives or other media
           "home grown" or Does your ITAD provider use a recognized format
           from a recognized company, such as "Blancco?
                                                                                                 20%
     2.4
           Does your ITAD provider erase data employing DOD 5220.22M
           standards for at least 3 passes or can they erase data to NIST 800-88
           standards? Have you viewed that documentation and their actual work
           plan to know if they are complying? If data cannot be erased, has your
           ITAD provider recommended alternatives that fulfill your requirements
           (e.g. shredding)?
                                                                                                 20%
     2.5
           Do they provide a complete portfolio of information regarding their
           logistics carrier, warehouse storage, or down-stream recyclers? Have
           they indicated the controls or audits that are performed on their
           partners deploy to ensure both the hardware and data are secured?
                                                                                                 10%
     2.6
           What types of quality contol metrics and tools does your ITAD provider
           maintain in order to ensure the data is actually erased according to
           standards? How often do they audit their work and are the results of
           internal audits available to you (e.g. reports that are issued)?
                                                                                                 10%
ppropriate grey boxes.

                                           Response

                                                                              Totals




              4 - Processes / documentation are fully compliant w/ policies        0.80




              0 - Don't Know or Has Not Been Provided                              0.00




              0 - Don't Know or Has Not Been Provided                              0.00




              0 - Don't Know or Has Not Been Provided                              0.00




              0 - Don't Know or Has Not Been Provided                              0.00




              0 - Don't Know or Has Not Been Provided                              0.00
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
TAMS Self Assessment.Maturity Profile Evaluation

Environmental Considerations
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                                 Weight
 Number
                                                                                            100%
     3.1
           Has your ITAD provider submitted written documentation to
           support the proof that environmentally responsible disposal has
           taken place: (i.e. incineration, smelting, landfill, overseas shipping,
           remanufacturing)? Is there documentation/proof via bills-of-lading
           and their downstream partners' documentation that the assets have
           been destroyed according to State or Federal requirements?
                                                                                               15%
     3.2
           Is your ITAD provider registered with the EPA and have they
           provided you with that registration number? Are they approved as
           collectors or processors in their state(s) they operate?
                                                                                              20%
     3.3
           Has your ITAD provider submitted to you DEP/EPA licences and
           shown the names of those partners and/or EPA inspector's names for
           all their disposal categories: Steel, Batteries, Glass, Aluminum, Power
           Supplies, Boards, Toner, Shrink Wrap, Processors, etc.?
                                                                                              20%
     3.4
           Have your ITAD partner or any of their downstream partners been
           assessed fines or environmental violation notifications in the past 36
           months? Are any of your ITAD's partners operating under warning
           letters or other increased scrutiny?
                                                                                               15%
     3.5 Is your ITAD provider submitting documentation on their policies
         and practices regarding: No Landfill - No Prison Labor - No Export
         Dumping to Third World Countries policies?

                                                                                               10%
     3.6
           Is your provider a closed loop demanufacturing facility (i.e. handle
           all the asset processing in house and place materials back into feed
           stock), or Does your ITAD provider outsource some or all the
           dispositon? What evidence has your ITAD provider submitted to
           verify the assets go where they stated?
                                                                                               10%
     3.7 Has your ITAD provider walked you through the extent of their de-
         manufacturing processes, capabilities, and procedures i.e. (have you
         toured their facilicies to confirm?)
                                                                                               10%
appropriate grey boxes.

                                         Response

                                                     Totals




             3 - Processes and documentation exist        0.45




             3 - Processes and documentation exist        0.60




             3 - Processes and documentation exist        0.60




             3 - Processes and documentation exist        0.45




             3 - Processes and documentation exist        0.30




             3 - Processes and documentation exist        0.30



             3 - Processes and documentation exist        0.30
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
TAMS Self Assessment.Maturity Profile Evaluation

Legal Considerations
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                                 Weight
 Number
                                                                                            100%
     4.1 Has your ITAD provider indemnified you or their affiliates against
         any clams, lawsuits or damages that result from any actions of their
         employees, agents, or representatives while performing duties
         associated with your account?
                                                                                              30%
     4.2 Has your ITAD provider agreed, at their own expense, to defend any
         and all legal actions brought against you and their staff and to pay all
         related attorneys' fees, judgments, and other expenses?

                                                                                               15%
     4.3
           Do all Access Individuals (e.g. those who have access to your assets
           and their operations) have the following documentation: Criminal
           Records Search, Emploment History Verification, Drug Screening
           Results? This activity should include drivers, processoers, sorters,
           driver helper, warehouse personnel, etc.
                                                                                               15%
     4.4 Has your ITAD provider indemnified you against any action
         involving their subcontractors, franchises, affiliates and/or their
         subsidiaries performing this work?
                                                                                              20%
     4.5
           Has your ITAD provider certified that their company will comply
           with all employment-related laws and regulations, including those
           related to wages and hours, EEO, ADA, affirmative action,
           immigration, worker's compensation, etc.?
                                                                                               10%
     4.6
           Does your ITAD provider verify all criminal or credit background and
           license information for a prospective or current worker in their
           company? Has your ITAD provider described in detail the level of
           criminal background check they provide (e.g., county of residence,
           last two residences, etc.).
                                                                                               10%
appropriate grey boxes.

                                          Response

                                                                             Totals




             4 - Processes / documentation are fully compliant w/ policies        1.20




             0 - Don't Know or Has Not Been Provided                              0.00




             0 - Don't Know or Has Not Been Provided                              0.00



             0 - Don't Know or Has Not Been Provided                              0.00




             0 - Don't Know or Has Not Been Provided                              0.00




             0 - Don't Know or Has Not Been Provided                              0.00
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
TAMS Self Assessment.Maturity Profile Evaluation

Insurance Considerations
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                                       Weight
 Number
                                                                                                  100%
     5.1 Has your ITAD provider provided a Certificate of Insurance naming your
         company as an additional insured, giving evidence of all coverages that
         the ITAD carries?
                                                                                                    20%
     5.2 Does your ITAD provider maintain a polllution liability insurance policy?
         Does the policy cover your organization for the full cost of the
         investigation, exposure, and clean-up OR do the terms only cover the
         extent of the level of your payment or the value of your assets (e.g. what
         happens if you provide $50,000 in payments/assets but they cause $1
         million in damages?)

                                                                                                    20%
     5.3
           Does their Certificate of Insurance guarantee that the policies described
           therein will not be changed or canceled without thirty (30) days prior
           notice in writing to you? If not, are they willing to comply?
                                                                                                    20%
     5.4
           Does your ITAD provider carry the following types of insurance:
           Comprehensive General Liability ($1M Combined Single Limit) - Worker's
           Compensation (at statutory limits) - Employer's Liability ($1M per
           occurrence) - Automobile Liability ($5M Combined Single Limit per
           occurrence) - Umbrella Liability ($5M per occurrence) - Professional
           Liability & Errors and Omissions Liability ($2M per occurrence) as well as
           any other insurance requirements dictated by your company?
                                                                                                    20%
     5.5 Do you also have a copies of their Certificate of Insurance and insured
         limits for their downstream partners?
                                                                                                    10%
     5.6 Does your ITAD provider's downstream partners and/or logistics-storage
         relationships carry full insurance coverage (e.g. full cost and value) or
         does your ITAD provider deploy "Released Value Insurance" (e.g. per-
         pound-only - just compensated by weight of the asset) coverage in
         transportation or storage?
                                                                                                    10%
ppropriate grey boxes.

                                              Response

                                                                                 Totals




                 4 - Processes / documentation are fully compliant w/ policies        0.80




                 0 - Don't Know or Has Not Been Provided                              0.00




                 0 - Don't Know or Has Not Been Provided                              0.00




                 0 - Don't Know or Has Not Been Provided                              0.00


                 0 - Don't Know or Has Not Been Provided                              0.00




                 0 - Don't Know or Has Not Been Provided                              0.00
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
TAMS Self Assessment.Maturity Profile Evaluation

Audit Considerations
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                                        Weight
 Number
                                                                                                   100%
     6.1
           Has your ITAD provider detailed how they conduct audits of their down-
           stream partners? Has your ITAD provider communicated who on their
           staff conducts those audits (e.g. a senior management type or staffer)?
                                                                                                     20%
     6.2
           Do you have the right to audit (either by third party or by your employees)
           all records pertaining to the company's handling of your account? Have
           you conducted such audits and has your ITAD provider addressed any
           deficiencies you identified in a prompt manner?
                                                                                                     20%
     6.3 What kind of documentation does the Provider maintain concerning its
         internal environmental management programs?

                                                                                                     20%
     6.4 Are your ITAD provider's auditors independent, objective, and impartial?
         Does your ITAD provider have "Mastery" of the entire process to ensure
         standards and procedures are being followed meticulously within the
         audited operation?
                                                                                                     20%
     6.5
            Does your ITAD provider have a well documented process and maintain
           strict internal controls in the handling and disposal of your assets
           specifically on their down-stream recyclers or logistics/storage partners??
                                                                                                     10%
     6.6 Are the criteria, scope, frequency and methods for their audits and those of
         their subsidiaries or providers defined and communicated? Do the audits
         conform to ISO (9001 or 16004) or other standards setting organizations
         such as NAIDS?
                                                                                                     10%
ppropriate grey boxes.

                                               Response

                                                                                  Totals




                  4 - Processes / documentation are fully compliant w/ policies        0.80




                  0 - Don't Know or Has Not Been Provided                              0.00




                  0 - Don't Know or Has Not Been Provided                              0.00




                  0 - Don't Know or Has Not Been Provided                              0.00




                  0 - Don't Know or Has Not Been Provided                              0.00




                  0 - Don't Know or Has Not Been Provided                              0.00
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
TAMS Self Assessment.Maturity Profile Evaluation

Physical Security
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                              Weight
 Number
                                                                                         100%
     7.1 Is there a closed circuit camera system monitoring all access
         points into the building with sufficient clarity to identify people
         and their what activities they are involved with regarding your
         assets?
                                                                                            15%
     7.2 Do all visitors sign-in to a Visitor's Log maintained by the ITAD
         provider/ company? Are visitors provided a Visitor's Badge? Are
         visitors escorted under the supervision of a company official or
         employee at all times while they are in the secure destruction
         building or area?
                                                                                           20%
     7.3
           Is access to the designated facility, client assets, and physical
           client records effectively secured and prevented? Do Access
           individuals (e.g. those with duties and resonsibilities the require
           them to be in that facility or location) display company issued
           employee photo ID badges at all times when working?
                                                                                           20%
     7.4 If area & building is secured does it have: A wall or fence at least 6
         feet high? Lockable gates or doors? Ceiling mounted sensor
         alarms? Closed circuit camera systems with recording devices that
         are monitored?
                                                                                           20%
     7.5
           Does your ITAD provider insist that all vehicles used for transfer
           or destruction have lockable cabs and locked/sealed trailers?
                                                                                            10%
     7.6
           Is the destruction of your IT asset attended by your ITAD
           provider's employee? Moreover, are your assets physically secured
           from unauthorized access or other corporation's assets while in
           custody of the ITAD provider? Are they providing a Certificate of
           Destruction from an EPA registered facility (not just a Photo
           Copy) with proper tracking of the asset either resale or recycling
           with appropriate management signatures?
                                                                                            15%
the appropriate grey boxes.

                                            Response

                                                                              Totals




              4 - Processes / documentation are fully compliant w/ policies        0.60




              4 - Processes / documentation are fully compliant w/ policies        0.80




              3 - Processes and documentation exist                                0.60




              1 - Standard processes do not exist                                  0.20



              4 - Processes / documentation are fully compliant w/ policies        0.40




              2 - Processes exist, but are not fully documented                    0.30
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
TAMS Self Assessment.Maturity Profile Evaluation

Business Considerations
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                                 Weight
 Number
                                                                                            100%
     8.1 Has your ITAD provider certified they and all their partners will
         comply with all of your statements of work that were agreed upon
         without exception and all changes will be approved by you before
         proceeding?
                                                                                              20%
     8.2 Has your ITAD provider experienced any organizational changes
         over the past five years i.e. ( bankruptcy, buy-out, leveraged
         ownership)? Has their company been involved with ITAD services
         for at least two (2) years?
                                                                                              20%
     8.3
            Does your ITAD provider provide itemized lists of all equipment
           received at their facility: serial #, manufacturer, model, asset
           number, systems configuration, and person processing the asset?
           Moreover does your ITAD provider chisel, use solvents, rezors, or
           sanding to ensure the removal of all identifiers including asset tags,
           embedded security tags, marker labeling, embossed and branding
           BOTH externally and internally?
                                                                                              20%
     8.4
           Has your ITAD provider provided a list of 2 accounts to be used as
           references for which they have run a program in the last two years of
           the size proposed? Has your ITAD provider listed three clients who
           stopped using them in the past 24 months?
                                                                                              20%
     8.5
           Has your ITAD provider provided names of three competitors /
           industry benchmarks and how each is tracked against them?
                                                                                               10%
     8.6 What national organizations are they an active and participating
         member?
                                                                                               10%
appropriate grey boxes.

                                          Response

                                                                             Totals




             4 - Processes / documentation are fully compliant w/ policies        0.80




             0 - Don't Know or Has Not Been Provided                              0.00




             0 - Don't Know or Has Not Been Provided                              0.00




             0 - Don't Know or Has Not Been Provided                              0.00



             0 - Don't Know or Has Not Been Provided                              0.00


             0 - Don't Know or Has Not Been Provided                              0.00
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
TAMS Self Assessment.Maturity Profile Evaluation

Logistics
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                                      Weight
 Number
                                                                                                 100%
     9.1 Does your ITAD provider have written policies and procedures for their
         drivers, receiving,storage and warehouse people for packing, loading,
         transportation and storage?
                                                                                                   15%
     9.2 Are they showing up with the correct equpment to de-install, pack and
         palletize your assets?
                                                                                                   15%
     9.3 Does your ITAD provider conduct current Drug and Criminal Records
         Searches (upon hire and once every 7 years minimum)? No person
         convicted of felony, fraud, burglary or larceny should come in contact
         with confidential information.
                                                                                                   15%
     9.4 Does your ITAD provider conduct meaningful training for their
         employess on how to handle technology assets? Does your ITAD
         provider provide ongoing training for their people and Has your ITAD
         provider shared that information with you?
                                                                                                   20%
     9.5 Does the Logistics Provider have:

           * GPS on their vehicles
           * Government Secured Storage Facilities
           * Policies and procedures on asset receipt and acceptance
           * Electronic or other e-reporting for goods shipment
           * Environmental compliance record
           * Data Security safeguards - Does your ITAD provider lock their trucks
                                                                                                   20%
     9.6 Does their logistics provider have I-9 For U.S. Employees hired after 11-
         7-1986 and Employment History verification? Are their employees
         certified to work legally in the United States?
                                                                                                   20%
     9.7 Have you checked their DOT number at the federal Motor Carrier Safety
         Administration’s Safety and Fitness Electronic Records System’s Web
         Site? Are they there and Does your ITAD provider demonstrate a
         satisfactory record?
                                                                                                   10%
propriate grey boxes.

                                         Response

                                                        Totals




              0 - Don't Know or Has Not Been Provided


              0 - Don't Know or Has Not Been Provided        0.00




              0 - Don't Know or Has Not Been Provided




              0 - Don't Know or Has Not Been Provided        0.00




              0 - Don't Know or Has Not Been Provided        0.00



              0 - Don't Know or Has Not Been Provided        0.00




              0 - Don't Know or Has Not Been Provided        0.00
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
TAMS Self Assessment.Maturity Profile Evaluation

Other Business Considerations
           Please provide weights for and responses to each question in this section in the appropriate grey boxes.

Question                                                                               Weight
 Number
                                                                                          100%
    10.1 At the end of the day, do you absolutely TRUST they'll do what
         they've committed? How can you be sure? Does your ITAD
         provider agree upon only 1 Statement of work for themselves and
         their partners? How do you know?
                                                                                             25%
    10.2 How thouroughly have you investigated or how much revelation
         has your ITAD provider submitted about their business partners?
         How much transparency has been forthcoming on a willing to
         know basis and not on your need to know?

                                                                                             15%
    10.3 Have you checked with the Better Business Bureau and have you
         thoroughly done an extensive background check on their
         references?
                                                                                            20%
    10.4 Has your ITAD provider provided you taxation details concerning
         any possible 1031 Tax exchange opportunities for up to a 25% tax
         savings?
                                                                                            20%
    10.5
           Has your ITAD provider included sample reports from other
           customers including performance metrics and service issues and
           other data that they recommended as important?
                                                                                             10%
    10.6 Has your ITAD provider provided a procedures manual to assure
         you that there is a regular, scheduled quality control procedure for
         ensuring data information is within stated schedules and
         procedures?
                                                                                             10%
he appropriate grey boxes.

                                           Response

                                                                              Totals




              4 - Processes / documentation are fully compliant w/ policies        1.00




              0 - Don't Know or Has Not Been Provided                              0.00



              0 - Don't Know or Has Not Been Provided                              0.00



              0 - Don't Know or Has Not Been Provided                              0.00




              0 - Don't Know or Has Not Been Provided                              0.00




              0 - Don't Know or Has Not Been Provided                              0.00
0 - Don't Know or Has Not Been Provided
1 - Standard processes do not exist
2 - Processes exist, but are not fully documented
3 - Processes and documentation exist
4 - Processes / documentation are fully compliant w/ policies
`
                                            Self Assessment Using Asset Dispositio

    Quick Overview

                      The TAMS Self Assessment and Maturity Profile provides guidelines for assesing your Ass
                       criteria are evaluated and scored for assessing overall quality performance within the org




                                                             Maximum Score
                        1.0   Chain of Custody                           36
                        2.0   Data Security                              24
                        3.0   Environmental                              28
                        4.0   Legal                                      24
                        5.0   Insurance                                  24
                        6.0   Audits                                     24
                        7.0   Security                                   24
                        8.0   Business                                   24
                        9.0   Logistics                                  28
                       10.0   Intangibles                                24
                                        Total Points                      260

    Color Scoring

    Your percentage scores are highlighted in one of three colors:

               Good Score falls in a range between =>                     80%
               Caution falls in a range between =>                        60%
               Poor Score falls in a range between =>                      0%




                40
                35
                30
                25
                20
                15
                10
                  5
                  0
0
                   Data Security Environmental
    Chain of Custody                             Legal


                                                         Maximum Score
ment Using Asset Disposition Maturity Profile



 ofile provides guidelines for assesing your Asset Disposition readiness within an organization. The
 sing overall quality performance within the organization. These criteria fall into 10 categories, as
                   summarized below:


                    Your Company's Percent Score
                                             73%            Color Scoring:                              26.1
                                             20%                                                         4.8
                                             75%                       Good overall score               21.0
                                             30%                       Caution - needs to improve        7.2
                                             20%                       Poor - needs major improvement    4.8
                                             20%                                                         4.8
                                             30%                                                         7.2
                                             20%                                                         4.8
                                              0%                                                         0.0
                                             25%                                                         6.0
                                                 33%




                                    100%
                                     79%
                                     59%


                SWOT Summary Analysis
     Insurance   Audits       Security      Business   Logistics   Intangibles


Maximum Score        Your Company's Score
            Cost Analysis Statement
            Companies fail to assess the true costs of keepong and securing obsolete Assets
            A Quick View of Reality for those Costs:
                 For the Year Ended:                       Year
Expenses:
            Number of Stored Assets                           $5,000
            Amortization                                      $3,000
            Square footage costs-Rent                         $1,000
            Monthly cost = sq.ft. costs x 12 months           $1,000
            Annual cost of fixed security systems (cameras)   $2,133
            Annual cost of security employees for site       $11,000
            Contract Labor or other IT labor to audit         $4,000
            Annual cost of insurance for assets not removed   $6,000
            Software costs on assets in inventory             $1,000
            Depreciation                                      $3,000
            Admin and accounting fees to track assets         $1,000
            Executive & Mgt. fees to supervise              $190,000
            Mainenance and janitorial for asset storage       $1,000
            Costs to relocate assets people/equipment         $1,000
            Per Machine Compliance Cost (HIPPA/Sarbanes)        $100
            Permits and Licenses                              $6,000
            Other                                            $43,000
                                                             $18,000
            Total Expenses                                   $14,000


TAXES       Impact of the 1031 Tax Exchange potions +/- 25%
Checklist of Readiness for ITAD – Background Segment
The following in-Depth Questions seeks to portray a Best
Practices scenario for an ITAD Program; however, we
realize each organization is unique , therefore we have
provided additional questions so organizations may
customize their approach to satisfy their needs or
requirements

Question                                                            Category
BUSINESS BACKGROUND
Has your ITAD provider provided the legal name of their
                                                                       L
company?
Has your ITAD provider provided detail and documents on what
state their business is incorporated along with their Federal Tax      M
ID?
Do they qualify asa Minority Company:                                  L
Is their company a certified Minority Business Enterprise (MBE)?
                                                                       L

Is their company a certified Woman Business Enterprise (WBE)?
                                                                       L

Is their company a certified Small Business Enterprise (SBE)?          L
Is their company a certified Disabled Veteran Business Enterprise
                                                                       L
(DVBE)?
Has your ITAD provider provided the name, phone number and e-
                                                                       M
mail of your primary point of contact in this Agreement?
Has your ITAD provider provided their company's website
                                                                       L
address.
Has their company certified it and all their partners will comply
with all of your statements of work that were agreed upon,
                                                                       H
including an on-site survey and any Background Reference
Documents of their down-stream partners or subsidaries?
Is the Provider assisting you or partnering with the following:
Environmental Compliance program review                                H
Data Security information and white papers                             M
Pre-negotiated Logistics fees without markup                           M
Secure Storage and secure asset protection                             H
Compliance with your Internal Policies                                 H
Total Cost Reduction on a strategic and transactional basis            L
Resale and remarketing of saleable assets                              L
Have they provided names of three competitors / industry
                                                                       M
benchmarks and how each is tracked against them?
Have they provided a list of 3 accounts that the you can call as
references* for which they have run a program in the last three         M
years of the size proposed to you?
Have they listed two clients who stopped using them in the past
                                                                        M
36 months?
Have you called the contact listed for the reason they stopped
                                                                        H
using this ITAD?
Are a majority of their employees dedicated to their ITAD services
                                                                        M
e.g. over 60%?
Has their company been established longer than five years?              M
Has their company been involved with the ITAD services at least
                                                                        M
three (3) to five (5) years?
Is their Company owned by, affiliated with, or the owner of any
                                                                        L
other ITAD companies?
Have they provided a brief history of their company with
description of their ownership/organizational structure and
                                                                        M
provided an organizational chart showing the locations of their
domestic offices?
Has their firm experienced any organizational changes over the
past five years i.e. ( bankruptcy, buy-out, leveraged ownership)?       H

Do you know how many grievances or unfair labor practice
charges have been filed against their company in the past five          M
years?
Do you know what dollar amount per employee was spent on
                                                                        H
training last year?
Have they provided a complete listing of subcontractors,
                                                                        H
franchises, affiliates or subsidiaries?
Have they certified that their subcontractors, franchises, affiliates
                                                                        H
and/or subsidiaries will follow all ofyour requirements?
If so,have they and you reviewed that plan?                             H
Do you know what percentage of revenue your work represent to
                                                                        H
their business,( e.g. +50%)
Are they a National Association for Information Destruction
                                                                        H
(NAID) Certified Destruction Facility?
Have they provided the states in which they are currently licensed
to do business.


Chain of Custody
Is there one single Point of Contact for the entire process
representing both you and their organization, partners to oversee
all asset movement, storage, sales, etc.? Is this
                                                                       H
personcompletely accountable & responsible for specific sign-off,
asset movement, tracking, reporting, logistics, storage and audits
of the partners or subsidaries?




Have they told you how often (monthly, quarterly, annually) this
                                                                       H
individual audits their operations and those of the partners?
Have you viewed a copy of their completed audit to validate their
                                                                       H
completion and quality?
Are reports on security, data destruction, logistics, etc., provided
                                                                       M
and have you viewed completed copies?
Have they informed you they often conduct partner audits in an
"Unannounced" format or are all of their audits, assuming they do      H
them, completed with prior set scheduling?
Have they been willing to Guarantee lowest price among like
customers?


                                                                       M
                                                                       L
                                                                       H
                                                                       H
                                                                       M
                                                                       M
                                                                       H

LEGAL
Have they certified that their company will comply with all
employment-related laws and regulations, including, but not
limited to, those related to wage and hour, equal opportunity in       H
employment, affirmative action, immigration, worker's
compensation, etc.?
Do they verify all criminal or credit background and license
information for a prospective or current worker in their company?      H

Have they described in detail the level of criminal background
check they provide (e.g., county of residence, last two                H
residences, etc.).
Have they indemnified you against any action involving their
subcontractors, franchises, affiliates and/or their subsidiaries     H
performing this work?
Are they currently being investigated by any government agency?
                                                                     M

If so, have they provided a summary indicating which country
and/or state is doing the investigation and the nature of the        M
investigation?
Have they indemnified you or their affiliates against any claim,
lawsuits or damages that result from any actions of their
                                                                     H
employees, agents, and/or representatives for their failure to act
while performing duties associated with their account?
Have they collected all applicable local, state and federal taxes,
including but not limited to sales tax, for each location in which   M
they provide services for you? (How do you know?)
Have they agreed, at their own expense, to defend any and all
actions at law brought against you and their staff and to pay all
                                                                     M
attorneys' fees and all other expenses and promptly discharge
any judgments arising therefrom.
Have they ever had a labor-related work slowdown or stoppage?
                                                                     M

Have they been cited for any OSHA violations in the past 2 years?
                                                                     M

Do all Access Individuals have the following documentation:
Criminal Records Search, Emploment History Verification, Drug
                                                                     H
Screening Results? This activity should include drivers,
processoers, sorters, driver helper, warehouse personnel, etc.
Did they affirm that their company is in full compliance with all
                                                                     M
Federal Laws pertaining to equal employment practices?
                                                                     L
Do any of your company personnel currently sit on their
                                                                     L
company's Board of Directors?
Have they outlined what penalties are they willing to pay if their
firm is not in compliance with the contractual obligations state     M
above for lowest price among like customers?
                                                                     M
Environmental
Have they had fines or been notified of any environmental
violations in the past 2 years?
Have they articulated their DeManufacturing process / capabilies
                                                                     H
and provided policies & procedures?
Is the Provider a closed loop demanufacturing facility( e.g. handle
all the asset processing in house and place materials back into
                                                                      H
feed stock or do they outsource some or all the dispositon)?

Do they have an inspector for Solid or Hazardous waste and Air
                                                                      M
Pollution Controls?
Have they provided the name and contact information for each
                                                                      H
specific commodity inspector?
Are you aware if recycling activities are done on site or
                                                                      H
outsourced to a down stream partner?
Are they registered with the EPA and have they provided you with
                                                                      M
that registration number?
Have they indicated the names of those partners and/or EPA
                                                                      H
Inspectors for all their disposal categories:
Steel                                                                 H
Batteries
CRT Glass,
Aluminum
Power Supplies
Boards
Toner
Shrink Wrap
Processors
Cardboard?
Does the provider maintain a library of up-to-date summaries of
EPA regulations that are available for your review?
Do they employ a full-time Environmental Director?                    L
Are they approved as collectors or processors in they state(s)
                                                                      M
they operate?
Because media must be disposed in a legal, environmental, and
ethical manner, has the Provider provided written documentation
to support the responsible disposal that has taken place: (i.e.       H
incineration, smelting, landfill, overseas shipping,
remanufacturing?
Does the Provider have appropriate facility permits such as storm
                                                                      H
water and air quality approvals.
Do they deploy Industrial Hygiene testing for their employees for
                                                                      H
exposure to lead and other hazardous materials?
Do they provide a No Landfill - No Prison Labor - No Export
                                                                      M
dumping Program?
                                                                      H
SERVICES
Do they provide or support the following programs:
* Programming Corporate Donations?
* Employee Purchase Programs with the Provider doing the resale
                                                                     L

* Equipment Sales and Re-marketing to outside entities               L
* Lease Return Management                                            L
* Programming Corporate Donations?                                   L
* Warehouse storage that is government / military inspected and
                                                                     L
approved
* Certified State Approved Recycling                                 H
* Hard Drive Data Wiping and Data Destruction Service                H
* Data Storage Device Wiping and Data Destruction Service            M
* Back-up Tape Data Wiping and Data Destruction Service              M
* All Magnetic Media Data Wiping and Data Destruction Service        M
* Diskettes Data Wiping and Data Destruction Service                 M
* CD-Roms Data Wiping and Data Destruction Service                   M
* DVD's Data Wiping and Data Destruction Service                     M
* External Hard Drive Data Wiping and Data Destruction Service       M
* Servers Data Wiping and Data Destruction Service                   M
* Mainframe Hard Drive Erasure                                       M
* Cell Phone Memory Erasure                                          M
Can they perform a "max yield" program to retrofit parts to enable
an asset sale if parts are not included in the host asset?           M

Do they provide itemized lists of all equipment received at their
facility: serial #, manufacturer, model, asset number, systems
configuration, and person processing the asset? Moreover are
they chisel, use solvents, rezors, or sanding to ensure the          L
removal of all identifiers including Asset Tags, Embeded Secuirty
Tags, Marker Labeling, Embossed and Branding BOTH externally
and internally?
Do they provide only 1 Statement of work for themselves and
                                                                     L
their partners?
Do they offer on-line tracking to monitor their progress and
                                                                     L
logistics?
Do they track complaints and issue reports to their clients?         L
Have they agreed to advise you of potential problems as soon as
                                                                     L
you become aware of them? (Do they?)
Have they included sample reports from other customers
including performance metrics and service issues and other data      H
that they recommended as important?
What percent payment discount do they offer?                         M
Is their customer service centralized?                               M
Do they have a toll-free customer service number?                    L
Do they have a quality control program?                              L
Can the customer review their quality control program?               H
Do they provide incentives to workers who will be supporting their
                                                                         M
account for quality work?
Will they provide a list of incentives upon request?                     M
Have they stated how they plan to protect your information
                                                                         M
housed in their system?
If so, can the customer review this plan upon request?                   H
If requested, will they freely assist with your auditing their
operations and making arrangements to do the same with                   M
partners?
                                                                         H
Insurance                                                                L
Do you also have a copy of their Certificate of Insurance for those
                                                                         L
of the Down Stream Partners and their insurance?
Have they provided a Certificate of Insurance naming your
company as an additional insured, giving evidence of all                 L
coverages that the ITAD carries. Have they complied?
Have they agreed that their Certificate of Insurance shall
guarantee that the policies described therein will not be changed
                                                                         L
or canceled without thirty (30) days prior notice in writing to you.
Are they willing to comply?
Do they have Comprehensive General Liability - $1 MM min.
                                                                         L
Combined Single Limit
Worker's Compensation - at statutory limits                              L
Employer's Liability - $1 MM per occurrence                              L
Automobile Liability - $5 MM Combined Single Limit (CSL) per
                                                                         L
occurrence
Umbrella Liability - $5 MM per occurrence
Professional Liability & Errors and Omissions Liability - $2 MM
                                                                         L
per occurrence
Environmental Liability at least $1 M or preferrable $5 M                L
Do they maintain a polllution liability insurance policy?                L

Data Security                                                           L
Do they comply with any or all of the following ACTS:                   L
Sarbanes Oxley                                                          L
FACTA                                                                   L
HIPAA                                                                   L
Gramm-Leach Blily Act                                                   L
What are the Providers Documented Destruction Processes?                L
If they use Partners, what are the Providers Documented Destruction Process, are they different?
                                                                        L
Do they deploy a sampling program and disk testing inspections
                                                                         H

Do they have the ability to produce particle sizes of 1/8 inch
                                                                         H
mnimum dimension or less
What types of quality contol metrics and tools does the Provider
maintain in order to ensure the data is actually erased according         H
to standards
For the standard Physical destruction (not wiping or overwriting)
of hard drives, do they follow written policies and procedures -
                                                                          H
both yours and theirs? Have they provided you that
documentation?
As part of their processes, do they record serial nmbers of the
                                                                          H
hard drives and CPU's being destroyed for each client?
Have they asked for your policies and procedures or provided
                                                                          H
alternate methods they use to destroy data on a hard drive?
Have they provided a procedures manual to assure you that there
is a regular, scheduled quality control procedure for ensuring data
                                                                          M
information is within stated schedules and procedures?

Can they support all types of hard drive subsystems: IDE, SCSI,
                                                                            H
ATA, Fibre Channel, SATA, and SAS
Can they support standard and customized data destruction
                                                                            H
methods up to 99 passes?
Do they erase data employing DOD 5220.22M standards                         H
Do they erase data employing NIST 800-88                                    H
Do they issue Certificate of Destruction issued along with liability waiver H
Do they provide a complete portfolio of information on their down-stream recyclers
                                                                            H
Do they provide Information on the disposition of asset e.g.
                                                                            H
smelted, shredded, remanufactured, remarketed, etc.
                                                                          H
Physical or Site Security
Have you viewed or had documented what kind of on site security
systems and processes are in place at their facilities to ensure
protection of both the hardware and the software?
Do Access individuals display company issued photo ID badges
at all times when working. Badges must include a photo,                   H
employee name/number, and company name?
While in operation, drivers and other employees wear a specific
uniform of the company to improve recognition, do they?                   H

 At time of pick-up do they provide receipt certificate of
                                                                          H
destruction?
Is all destruction attended by a company employee or physically
secured from unauthorized access while in custody of the                  M
Provider?
Do they insist that containers or transportation used for
destruction from client location to Provider have operable locks          H
and are locked when unattended?
Do they insist that vehicles used for transfer of materials have
                                                                         H
applicable governmental inspection for roadworthiness?
Do they insist that all vehicles used for transfer or destruction
                                                                         H
have lockable cabs and locable enclosed boxes?
Do they insist that all vehicles used for transfer have readily
                                                                         H
accessible two-way communications?
Is unauthorized access to the designated facility, client assets,
                                                                         H
and physical client records effectively secured and prevented
Do all visitors sign-in to a Visitor Log maintained by the company,
are they provided a Visitors Badge and are they escorted or
                                                                         H
under the supervision of an Access Individual at all times
whilethey are in the secure destruction building or area?
Are visitors under supervision of an authorized employee at all
                                                                         H
times while in the plant and are records available for 1 year.
If area is secured in the building does it comply with: A wall or
fence of at least 6 feet - The wall or fence must have a lockable
gate or door - If the wall or fence does not got the the ceiling, it     H
should have a ceiling mounted sensor alarm inside and is ther
closed circuit camera systems.
If there Is a closed circuit camera system monitoring all access
points into the building with sufficientclarity to identify people and   H
their activities.
Do they have 90 days of play back and do they conduct random
                                                                         H
sampling
IF Media collection sites are used for storage, are they
                                                                         H
transferred to the destruction site within 3 business days?
If transfer sites are used to store materials for destruction do
assets get stored longer than 15 days and do these locations
                                                                         M
meet the same security requirments and the operational metrics.

Do they have a CCTV system that is checked on a weekly basis
                                                                         H
that includes a minimum 5 minutes of playback
During a Tour do you see any evidence of unshredded or
confidential information in wast receptacles or loose information        H
bearing material scattered in or around the facility?
What kind of on site security systems and processes are in place
at their facilities to ensure protection of both the hardware and        H
the software?
Are media securely contained during transfer from your site and
custody in their transportation vehicles to prevent loss from wind,      H
theft, or atmospheric conditions such as heat, rain, etc.?
                                                                         H
Audits                                                                   7
Has their firm had challenges keeping track of any of the data
items that you require or have required in the past?
Is there a robust and documented audit trail for themselves,
                                                                        H
partners and others?
Are the auditors independent, objective, and impartial? Do they
have "Mastery" of the entire process to ensure the standards and
procedures are being followed meticulously within the audited           H
operation? Most importantly are they impartial?

Does the audit conform to ISO or other standards setting
                                                                        H
organizations such as NAIDS?
Do they provide details on each location on their information
                                                                        H
dEstruction practices?
Are are activities including verification of the correcteive action
                                                                        H
reported as results?
Are the criteria, scope, frequency and methods for their audits
and those of their subsidiaries or providers defined and                H
communicated?
How is the record keeping maintained?                                   H
Do the audits fulfill client requirements or only their own?            H
Certificates of Destruction offer no protection if the Provider is
disposing of the asset illegally - do you have detailed tracking
                                                                        H
reports - bills of lading - and inventory documentation to prove the
assets were transferred and properly disposed of?
What kind of documentation does the Provider maintain
concerning its internal environmental management programs?
Does the provider have a well documented process and maintain           H
strict internal controls in the handling and disposal of your assets?

Have you conducted a site visit to inspect their processing
                                                                        H
facilities?
Has your ITAD provider detailed how they conduct audits of their
                                                                        M
down-stream partners
Has your ITAD provider communicated who on their staff
                                                                        H
conducts those audits
Is his/her experience level of managerial stature and reporting
                                                                        H
only to CEO or Board Level?
The customer reserves the right to audit (either by third party or
by customer employees) any and all records as they pertain to
                                                                        H
their company's handling of our account. Has your ITAD provider
agreed to this right?
If so, Has your ITAD provider described the problem and
explained what their firm has done to improve its data collection       H
and distribution capabilities?
Logistics and Storage
Have you checked with the Better Business Bureau
Have you checked their DOT number at the federal Motor Carrier
Safety Administration’s Safety and Fitness Electronic Records       M
System’s Web Site
Does the license belong to them?                                    M
Are they licensed for interstate or intrastate moves?               H
Has another company arrived to truck their/your assets or used a
                                                                    H
rental truck?
Does the Logistics Provider give you:                               H
Full insurance (100% coverage) or Released Value e.g. based on
weight of the asset – usually $0.60 per pound so a laptop at 6
pounds at loss would result in $3.60 returned to the client.
Are their assets consigned at the dock or at delivery?              H
Does their logistics provider:                                      H
 Have Uniforms, ID BADGES with Photos and the Name of the
Organization on?
Conduct meaningful Training to their employess on how to handle
                                                                    H
technology assets?
Show-up with the correct equipment to de-install, pack, palletize
                                                                    H
and move your assets?
Current Drug and Criminal Records Search (must be current)
Normally means within last 7 years from current date. No person
                                                                    H
subject to felony, fraud, burglary or larceny should come in
contact with confidential information
Documentation showing invoices from drug testing lab for random
sampling drug screening for 50% of employees annually?              H

Does their logistics provider have:                                 H
I-9 For U.S. Employees hired after 11-7-1986                        H
Criminal Records Search                                             H
Employment History Verification                                     H
Drug Screening results                                              H
Licenses to drive the vehicles they are operating                   H
Documentation from outside agency that verifies one-third of
Access people have had criminal searches anually or all             H
screened every 3 yrs.
Does the Logistics Provide have:                                    H
* GPS on their vehicles
* At minimum Government Secured Storage                             H
* Policies and procedures on asset receipt and acceptance           H
* Electronic or other e-reporting for goods shipment                H
* Environmental compliance record                                   H
* Data Security safeguards                                             H
Does the firm have written Policies and Procedures for their
Drivers in picking, packing, loading, transporting, and destination?   H

Documented Operational processes – ISO standards                       H
Robust Audit trails and documentation                                  M
Environmental/Legal insurance coverage’s                               H
Expansive reference checks                                             H
Have you checked with the Better Business Bureau                       H
Does the license belong to them?                                       M
                                                                       H
                                                                       H



EDITORS NOTE: Based on a number of surveys and
contacts, we have provided some assistance on the ranking
of questions to facilitate some ease of review or changing of
questions that may be more appropriate for a clients internal
circumstances, policies, procedures, or standards of work
prescribed for Asset Disposition. Those notations are below:

L = Based on ITAD or Asset Disposition we believe the
overall risk to a company to be Lower than the Average

M = Based on ITAD or Asset Disposition we believe the overall risk to a company to be Average

H = Based on ITAD or Asset Disposition we believe the
overall risk to a company if they are not complying or
providing essential details to be Higher and in some cases
carries a significant degree of organizational than the
Average
o a company to be Average
                                                Page 70 of 76


This Section of this document restates the requirements of ISO 14001:2004 for Environmental
Management Systems (EMS) and has been developed to assist TAMS and its clients in the
assessment of environmental management systems for compliance with ISO 14001:2004. This
checklist presents the requirements of ISO 14001:2004 as questions and can be used as an effective
tool for implementing the environmental management system and for self-assessment of the system.

                                    TABLE OF CONTENTS
SCOPE OF CERTIFICATION - Page 1
ENVIRONMENTAL POLICY - Page 1
PLANNING - Page 1
Environmental Aspects - Page 2
Legal and Other Requirements - Page 2
Objectives, Targets & Programs - Page 2
IMPLEMENTATION AND OPERATION - Page 2
Resources, Roles, Responsibility & Authority - Page 3
Competence, Training, and Awareness - Page 3
Communication - Page 3
Documentation System - Page 3 - 4
Document Control - Page 4
Operational Control - Page 4
Emergency Preparedness and Response - Page 4
CHECKING AND CORRECTIVE ACTION - Page 4
Monitoring and Measurement - Page 4
Evaluation of compliance - Page 5
Non-conformity, Corrective and Preventive Action - Page 5
Control of Records - Page 5
Internal Audit - Page 5
MANAGEMENT REVIEW - Page 6

SCOPE OF CERTIFICATION
What is the scope of environmental management system and what scope is being assessed for
certification?
Does it include those environmental aspects which you can control or over which you could be
expected to have an influence?
Is the scope of the environmental management system defined and documented within the
organization’s environmental management system (EMS) documentation?
Are there activities that are excluded from the scope of the environmental management system and
are the reasons for exclusion acceptable?
ENVIRONMENTAL POLICY
Has top management defined the organization’s environmental policy?
a) Is the policy consistent with the scope of the environmental management system?
b) Is the policy appropriate to the nature, scale and environmental impacts of your activities,
products or services?
c) What commitment does your policy make to continual improvement?
                                                 Page 71 of 76


d) What commitment does your policy make to the prevention of pollution?
e) How does the policy include a commitment to comply with relevant environmental legislation and
regulations, and with other requirements to which you subscribe that relate to your environmental
aspects (e.g. Industry guidelines)?
f) Does the policy provide the framework for setting and reviewing environmental objectives and
targets?
g) How is the policy documented, implemented and maintained and communicated to all persons?

h) How is the policy available to the public?
PLANNING
Environmental Aspects
Has the organization established, implemented and maintained a procedure to identify the
environmental aspects of activities, products or services that are within the scope of its EMS, and
that:
(i) it can control
(ii) over which it can be expected to have an influence
Does this include planned or new developments, or new or modified activities, products and
services?
How does the procedure determine those aspects that have or can have significant impacts on the
environment? (i.e. Are details of assessment methodology included).
Are the details of these assessments documented?
Are significant aspects considered throughout all of the EMS processes (e.g.. documentation,
communication, emergency preparedness and response, internal audits)?
Is the procedure(s) maintained?
How is the information on the environmental aspects documented and kept up to date?
Legal and Other Requirements
Has a procedure been established and implemented to identify and have access to applicable legal
and other requirements (e.g.. National Packaging Covenant, Greenhouse Challenge) which your
organization subscribes to that are directly applicable to the identified environmental aspects?

How is this procedure maintained?
How do you ensure that you have access to all of the legal requirements, including codes of practice,
that apply to the environmental aspects of your activities, products and services?
Does the procedure determine how the legal and other requirements apply to the environmental
aspects?
Are the legal and other requirements taken into account in establishing, implementing and
maintaining the EMS (e.g.. objectives, monitoring and measuring, training, auditing etc)?
Is the person responsible for identifying and determining how the legal and other requirements apply
competent to undertake the task?
Note: it does not imply that a legal qualification is necessary.
Objectives, Targets & Programs
Has your organization established, implemented and maintained documented environmental
objectives and targets?
Have these been established at relevant functions and levels within the organization?
                                                   Page 72 of 76


Has your organization established, implemented & maintained a program(s) for achieving its
objectives and targets?
Are the objectives and targets measurable (where practical) and are they consistent with the
following:
���� environmental policy ?
���� legal and other requirements ?
���� prevention of pollution ?
���� continual improvement ?
When setting your objectives and targets how do you consider:
���� legal and other requirements?
���� significant environmental aspects?
How do you consider:
���� technological options?
���� financial, operational and business requirements?
���� the views of interested parties?
Who is responsible at the different levels of your organization for implementing the program(s)?

What are the means and timeframes for achieving the different objectives and targets?
How does the organization ensure that program(s) are amended as a result of new developments,
new or modified activities, products and services?
IMPLEMENTATION AND OPERATION
Resources, roles, responsibility & authority
How are the roles, responsibility and authorities defined and documented and communicated in order
to achieve effective environmental management?
How does management provide resources essential to establish, implement, maintain and improve
the environmental management system?
Do these resources include:
a) human resources?
b) specialized skills?
c) organizational infrastructure?
d) technology?
e) financial resources?
Has the top management appointed a specific management representative(s) for the environmental
management system?
Do the roles of the representative(s) include the defined roles, responsibilities and authority for:

a) Ensuring that environmental management system requirements are established, implemented and
maintained in accordance with ISO 14001:2004?
b) Reporting on the performance of the environmental management system to top management
including recommendations for improvement?
Competence, training and awareness
How does your organization ensure that all persons working for them, or on their behalf (e.g.. staff,
contractors, shift workers, casual staff, labor hire etc), are competent to undertake the tasks that can
cause significant environmental impacts?
                                                 Page 73 of 76


Note: Assessment of competence can be on the basis of appropriate education, training and/or
experience.
Has the organization retained competency records?
How does the organization identify training needs associated with the significant environmental
aspects and the environmental management system?
Has training, or other actions required to meet these needs been delivered, and associated records
retained?
Has a procedure(s) been established, implemented and maintained to ensure that the people working
for, or on behalf of your organization are aware of:
a) the importance of conformity with the environmental policy and procedures and with the
requirements of the environmental management system?
b) the significant environmental aspects and related actual or potential impacts associated with their
work activities and the environmental benefits of improved personal performance?
c) their roles and responsibilities in achieving conformity with the requirements of the environmental
management?
d) the potential consequences of departure from specified operating procedures?
Communication
As relevant to its Environmental Aspects and Environmental Management System, has your
organization established, implemented and maintained procedure(s) for:
���� Internal communication between the various levels and functions of your organization?
���� Receiving, documenting and responding to relevant communication from external interested
parties?
Has the organization decided whether to communicate externally about its significant environmental
aspects?
Has your decision in this regard been documented?
If the decision has been made to communicate this information, has the organization established and
implemented the method(s) for this communication?
Documentation System
Does your organization’s environmental management system documentation include:
���� the environmental policy, objectives and targets?
���� a description of the scope of the environmental management system?
���� a description of the main elements of the environmental management system, their interaction and
reference to related documents?
���� documents and records required by the Standard?
���� Documents, including records, necessary for the effective planning, operation and control of
processes related to its significant aspects?
How is this maintained?
Control of documents
Has your organization established, implemented and maintained a procedure(s) for controlling all
documents required by this ISO 14001?
Does the procedure address:
(a) Who approves the documents for adequacy before they are issued?
(b) how they are periodically reviewed, updated and re-approved as necessary?
(c) how changes and the current revision status are identified?
                                                 Page 74 of 76


(d) How current versions of relevant documents are made available at points of use?
(e) How the legibility and identification of the documents is ensured?
(f) How external documents, as determined by the organization for effective planning and operation
of the environmental management system are identified and controlled?
(g) How to prevent obsolete documents against unintended use, and apply suitable identification to
them if they are retained for any purpose?
Operational Control
How has your organization identified and planned those operations that are associated with the
identified significant environmental aspects in line with its policy, objectives and targets?
How have these activities been planned, including maintenance, in order to ensure that they are
carried out under specified conditions that includes:
a) Establishing, implementing and maintaining documented procedures to cover situations where
their absence could lead to deviations from the environmental policy and the objectives and targets?

(b) stipulating operating criteria in the procedures?
(c) Establishing, implementing and maintaining procedures related to the identified significant
environmental aspects of goods and services used by the organization and communicating applicable
procedures and requirements to suppliers and contractors.
Emergency Preparedness and Response
Has your organization established, implemented and maintained a procedure(s) to identify the
potential emergency situations and potential accidents that can have an impact on the environment?

Are significant environmental aspects considered in the emergency preparedness and response
procedure(s)?
Does the procedure(s) cover how the organization will respond to these situations?
How do these procedures allow for the prevention and mitigation of the adverse environmental
impacts that may be associated with actual emergency situations and accidents?

How does the organization periodically review and revise its emergency preparedness and response
procedures, particularly after the occurrence of accidents or emergency situations?
Have you periodically tested such procedures (where practicable)?
CHECKING AND CORRECTIVE ACTION
Monitoring and Measurement
Has your organization established, implemented and maintained a procedure(s) to monitor and
measure, on a regular basis, the key characteristics of its operations that can have a significant
impact on the environment?
How does this procedure include the recording of information to monitor:
(a) performance?
(b) relevant operational controls?, and
(c) conformity with the organization’s environmental objectives and targets?
How is monitoring and measuring equipment calibrated or verified and maintained?
Are calibration or verification records retained?.
Evaluation of compliance
                                                Page 75 of 76


Has your organization established, implemented and maintained a procedure(s) for periodically
evaluating its compliance with the applicable legal and other requirements?
Are the records of the results of these periodic evaluations maintained?
Non-conformity, Corrective & Preventive Action
Has the organization established, implemented and maintained a procedure(s) for :
(a) dealing with actual and potential non-conformities, and
(b) corrective and preventive action?
Do the procedures defined requirements for:
(a) identifying and correcting non-conformities and taking action to mitigate the resulting
environmental impacts?
(b) Investigating the non-conformities, determining their causes and take action to avoid their
recurrence?
(c) Evaluating the need for actions to be taken to prevent non-conformities, and implementing
appropriate actions?
(d) Recording the results of corrective and preventive actions taken?
(e) Reviewing the effectiveness of corrective and preventive actions?
Are the responsibilities and authorities for this process defined?
How is this procedure updated?
How do you decide that the action(s) taken to eliminate the causes of actual and potential non-
conformities are appropriate to the magnitude of the problem(s) and the environmental impact(s)
encountered?
How do you ensure that changes (if any) are made in the environmental management system
documentation?
Control of Records
Has your organization established, implemented and maintained procedures for the identification,
storage, protection, retrieval, retention and disposal of environmental records?
How are these updated?
Do these records include those that are necessary to demonstrate conformity to the requirements of
the standard and include (for example), records of:
(a) competence, training & awareness?
(b) communication?
(c) evaluation of compliance with legal and other requirements?
(d) monitoring and measurement?
(e) corrective & preventive action?
(f) Internal audits?
(g) Management review?
Are the records legible, identifiable and traceable ?
How do you store the environmental records in such a way that they are readily retrievable and
protected against damage, deterioration or loss?
Internal Audit
Has your organization planned, established, implemented and maintained a program and
procedure(s) for periodic internal audits to be conducted?
Do these internal audits determine whether or not the environmental management system:
                                                Page 76 of 76


(a) conforms to planned arrangements for environmental management including the requirements of
this standard, and
(b) has been properly implemented and maintained?
How does the audit program take into consideration the environmental importance of the operations
concerned, and the results of previous audits?
How does the organization provide information on the results of audits to management?
Does the audit procedure cover:
(a) the responsibilities and requirements for planning and conducting audits, reporting results and
retention of associated records?
(b) The determination of audit criteria, scope, frequency and methods?
How does the selection of auditors and the conduct of audits ensure objectivity and impartiality of
the audit process?
How is auditor competency determined?
Management Review
Has your organization’s top management (at planned intervals) reviewed the environmental
management system, to ensure its continuing suitability, adequacy and effectiveness?
Does the review include assessing opportunities for improvement and the need for changes to the
Environmental Management System, including the environmental policy and targets?
Do the inputs to management review include:
(a) results from internal audits and evaluations of compliance with legal and other requirements?

(b) Communication from external parties, including complaints?
(c) The environmental performance of the organization?
(d) The extent to which the objectives and targets have been met?
(e) The status of corrective and preventive action
(f) Follow-up actions from previous management reviews
(g) Changing circumstances, including developments in legal and other requirements related to its
environmental aspects, and
(h) Recommendations for improvement?
Do the outputs from the management review include decisions and actions related to possible
changes to the environmental policy, objectives, targets and other elements of the environmental
management system, consistent with the commitment to continual improvement?

Are the records of the management reviews retained?

				
DOCUMENT INFO
Categories:
Tags:
Stats:
views:28
posted:10/23/2011
language:English
pages:76