Certifications and compliance

ISO certified ITAD, secure data destruction and audit-ready evidence

Secure IT asset disposal is only useful if it can be proven. Nanosoft helps organisations retire IT assets securely, recover value and maintain evidence through chain-of-custody reporting, certified data destruction, asset-level records and compliance-ready documentation.

ISO 27001, ISO 9001, ISO 14001, ISO 45001, ADISA Standard 8.0

Why certifications matter

Evidence your auditors can use

ITAD is not recycling. A retired laptop, server, drive or phone still carries recoverable data until it is properly sanitised or destroyed. Procurement, security and audit teams cannot accept a supplier's word for that. They need evidence: who held the asset, how it was sanitised, against which standard, and proof the work was completed.

  • Founded: 2008
  • Companies House: 06579146
  • Certifications: 5 held
  • Audit pack: 10-day SLA

How it works

From collection to certificate in four steps

Every engagement follows the same controlled process. Each step is documented and feeds directly into your audit pack.

01. Book a collection

Same-day quote. We agree scope, volume and any data sensitivity requirements. A collection date is confirmed.

02. Controlled collection

DBS-vetted engineers attend onsite. Every asset is logged by make, model and serial number at the point of collection. Chain of custody begins.

03. Sanitisation or destruction

Assets are processed to NIST 800-88 Rev. 2. The method applied (Clear, Purge or Destroy) is recorded per device. Physical destruction is witnessed or evidenced.

04. Audit pack delivered

You receive a serialised asset inventory, destruction certificates, chain-of-custody log, WEEE evidence and a consolidated close-out report within our agreed SLA.

Certifications we hold

Independently audited and certified

Certifications such as ISO 27001 and ADISA, alignment to NIST 800-88, and a documented chain of custody exist to turn a supplier claim into something an auditor will accept. They reduce the organisation's risk, not just the supplier's.

ISO 27001:2022 UKAS Accredited certificate

ISO 27001:2022

Information security management

Governs how data and the assets carrying it are protected through collection, transport, sanitisation and destruction.

ISO 9001:2015 UKAS Accredited certificate

ISO 9001:2015

Quality management

Keeps the process repeatable, so the documentation you receive is consistent on every engagement.

ISO 14001:2015 UKAS Accredited certificate

ISO 14001:2015

Environmental management

Governs responsible, reuse-first recycling and the handling of waste streams.

ISO 45001:2018 UKAS Accredited certificate

ISO 45001:2018

Health and safety management

Covers safe onsite collection, destruction and decommissioning work.

ADISA Standard 8.0

ICO-approved UK GDPR certification scheme

The clearest UK-specific signal that an ITAD process meets the regulator's expectations under UK GDPR.

Certificate scope and certifying body provided during procurement and supplier due diligence.

Standards and frameworks

Frameworks we operate to

Standards-led, not story-led. Every engagement maps cleanly to the regulations and voluntary standards your procurement, security and ESG teams ask about.

  • NIST 800-88 Rev. 2

    Global

    Media sanitisation guidance covering Clear, Purge and Destroy. The method used is recorded per asset.

  • UK GDPR and DPA 2018 / EU GDPR

    UK + EU

    Data handling aligned to UK and EU data protection law across every engagement.

  • WEEE Directive 2012/19/EU + Regs 2013

    UK + EU

    Recycling aligned to UK and EU WEEE regulations, with transfer evidence.

  • R2v3 alignment

    Global

    Responsible recycling practice across downstream material streams.

  • Basel Convention

    Global

    Documentation governing any cross-border movement of waste streams.

  • F-Gas Regulation

    UK + EU

    Handling of refrigerant-bearing equipment during data centre decommissioning.

Documentation

What clients receive after an ITAD project

Every engagement produces the same audit pack. The items below are what security, finance and sustainability reviewers ask for.

  • Itemised asset inventory report
  • Serial-number-level records
  • Chain-of-custody log
  • Collection note
  • Certificate of data erasure or destruction, stating the method used (Clear, Purge or Destroy)
  • WEEE transfer or recycling evidence where applicable
  • Value recovery report where assets are resold
  • Exception report for any missing, damaged or failed assets
  • Final audit pack consolidating the above

Procurement checklist

What auditors and procurement teams usually ask for

A strong ITAD partner lets you answer yes to all of these.

  • Is the provider ISO 27001 certified?
  • Is there a defined, documented chain of custody?
  • Are serial numbers recorded per asset?
  • Are data destruction methods documented per asset?
  • Is NIST 800-88 alignment stated?
  • Are assets tracked from collection to final disposition?
  • Is there WEEE transfer evidence?
  • Is a certificate of data destruction issued?
  • Is any subcontracting controlled and disclosed?
  • Is value recovery reported transparently?

The difference

Weak IT disposal vs audit-ready ITAD

The gap between the two is the difference between a disposal that passes an audit and one that fails it.

Weak disposal

  • Untracked collections
  • No serial-level reporting
  • Unknown data destruction method
  • No certificate
  • No downstream visibility
  • Poor audit evidence

Audit-ready Nanosoft ITAD

  • Controlled collection
  • Asset-level logging
  • NIST 800-88 aligned sanitisation
  • Certified destruction where required
  • Chain-of-custody reporting
  • WEEE-aligned recycling
  • Clear close-out pack

Common questions

Frequently asked questions

What does ISO certified ITAD mean?

It means the provider's IT asset disposition process runs under an independently audited management system, most importantly ISO 27001 for information security. It is the difference between a supplier claiming assets are handled securely and one whose process has been certified against a recognised standard.

Is ITAD regulated in the UK?

There is no single ITAD licence, but disposal is governed by UK GDPR and the DPA 2018 for the data on devices, and by the WEEE Regulations 2013 and Hazardous Waste Regulations for the physical equipment. ADISA Standard 8.0 is the ICO-approved scheme that brings these together for ITAD specifically.

Why does ISO 27001 matter for IT asset disposal?

Retired devices hold recoverable data until they are sanitised. ISO 27001 governs how that data and the assets carrying it are protected through collection, transport, sanitisation and destruction, which is exactly where disposal goes wrong without controls.

What is NIST 800-88?

A media sanitisation standard, widely used internationally, that defines three methods: Clear, Purge and Destroy. Recording which method was applied to each asset is what makes destruction evidence defensible.

What is chain of custody in ITAD?

A documented, unbroken record of who held each asset and when, from collection to final disposition. It is what lets an organisation prove an asset was never unaccounted for.

What should a certificate of data destruction include?

The asset and its serial number, the sanitisation or destruction method used, the date, the responsible party, and a reference that ties it back to the wider audit pack. A certificate with none of these is just a logo on a page.

Do auditors accept ITAD evidence packs?

Yes, where the pack contains serialised records, chain-of-custody logs, destruction certificates with stated methods and WEEE evidence. That combination is built to satisfy security, finance and sustainability reviewers.

Do you provide WEEE documentation?

Yes, recycling and transfer evidence aligned to the UK WEEE Regulations 2013 and the EU WEEE Directive where applicable.

Can IT assets be resold after secure data erasure?

Yes. Working equipment can be sanitised to NIST 800-88, tested and graded, then remarketed, with evidence retained that data was removed before any device left.

Do you support public sector and regulated organisations?

Nanosoft supports regulated organisations and provides the audit-ready documentation procurement and compliance teams need to evidence secure disposal. We do not claim approvals we do not hold; certificate evidence is provided during procurement.

Need an ISO-led ITAD partner with evidence your auditors can use?

Same-day quote, no obligation. UK and European coverage. Speak to a real engineer, not a sales gatekeeper.

ISO 27001, ISO 9001, ISO 14001, ISO 45001, ADISA Standard 8.0, NIST 800-88 aligned