Free ITAD Tool — No account needed
R2v3 Compliance Self-Assessment
Score your ITAD operation against the actual R2v3 standard in 5 minutes. See exactly where you stand before an auditor does.
20 questions5 R2v3 sectionsInstant gap analysisFree
Data Security & Sanitization
R2v3 Core — Data Security
0/20
1
Do you have documented data sanitization procedures aligned with NIST SP 800-88 Rev.1?
R2v3 requires written, auditable sanitization procedures referencing an approved standard.
2
Do you generate a Certificate of Data Destruction (CoD) for every data-bearing device?
Auditors require per-device CoDs traceable back to the specific sanitization event.
3
Is the specific wipe method (Clear / Purge / Destroy) logged per device — not just per batch?
R2v3 auditors require device-level traceability, not batch-level summaries.
4
Do you have a documented process for devices that fail sanitization verification?
Failed sanitization without a remediation process is a direct audit finding.
Chain of Custody
R2v3 Core — Material Tracking
0/20
1
Can you trace every asset from intake through to final disposition in a single record?
R2v3 requires end-to-end chain-of-custody — intake to downstream — for every device.
2
Do you track downstream vendors' R2 or equivalent certifications for all materials you send out?
R2v3 requires documented downstream vendor qualification — unqualified vendors are an automatic audit failure.
3
Can you produce a full chain-of-custody report for any client within 24 hours of a request?
Enterprise clients increasingly require on-demand compliance documentation — this is also an auditor expectation.
4
Do you maintain accurate records of all outbound materials including weight, type, and destination?
R2v3 material tracking requires complete inbound and outbound data for every material stream.
Legal & Environmental Compliance
R2v3 Core — Legal Compliance & EHSMS
0/20
1
Do you have a documented plan for identifying and monitoring applicable environmental regulations?
R2v3 requires an active compliance monitoring plan — not just awareness of regulations.
2
Is your Environmental Health & Safety Management System (EHSMS) formally documented?
R2v3 Core requires a certified EHSMS protecting workers, public, and the environment.
3
Do you have documented procedures for handling hazardous materials (batteries, CRTs, lamps)?
Specialty electronics handling is a dedicated R2v3 Process requirement if your facility processes these.
4
Do you maintain documentation of all applicable environmental permits for your facility?
Permit documentation must be current and available on-site for auditors.
Facility & Worker Safety
R2v3 Core — Worker Health & Safety
0/20
1
Is your facility physically secured against unauthorized access to data-bearing devices?
R2v3 data security requires controlled access to areas where unwiped devices are handled.
2
Do all technicians handling electronics have documented safety training and PPE procedures?
Worker health and safety training is a Core R2v3 requirement with documentation expectations.
3
Do you conduct regular internal audits of your R2v3 compliance processes?
R2v3 expects ongoing self-monitoring — internal audits are reviewed by external auditors.
4
Do you have a documented incident response plan covering data breaches and environmental spills?
R2v3 requires defined response procedures for both data security incidents and environmental events.
Operational Processes
R2v3 Process — Data Sanitization & Test/Repair
0/20
1
Are all incoming IT assets assigned unique identifiers at intake before processing begins?
Device-level tracking from intake is foundational to R2v3 material tracking requirements.
2
Are technicians trained on your standardised condition grading criteria (Grade A/B/C/D)?
Inconsistent grading has no direct R2v3 citation, but directly impacts audit evidence quality and revenue recovery.
3
Do you track and report on material recovery and recycling rates for your operations?
R2v3 requires material recovery tracking to demonstrate responsible downstream handling.
4
Do you have documented procedures for accepting and rejecting inbound material from clients?
R2v3 scope requirements include managing what materials enter your facility and under what conditions.