GLBA · SOX · PCI-grade ITAD
For banks, insurers, broker-dealers, and FinTech operators retiring hardware that touched customer financial data.
What we hear from financial services teams
Customer financial data is everywhere
Trading workstations, retired ATMs and branch hardware, work-from-home laptops, and even imaging hardware can carry account numbers, SSNs, and transaction histories.
SOX requires documented controls — including disposal
Internal-control attestations now routinely include the disposition of IT assets; "we threw it out" doesn’t satisfy a SOX 404 walkthrough.
PCI media-destruction obligations
PCI DSS §9.8.2 requires media containing cardholder data to be destroyed so it cannot be reconstructed — and demands proof.
How VIG handles it
SOX-friendly settlement reports
A serial-level audit trail is issued with the Settlement Report and drops directly into your auditor’s control-effectiveness binder.
NIST 800-88 sanitization aligned to PCI
PCI-acceptable Purge or Destroy methods per media type, with the Certificate of Destruction your QSA expects.
Examiner-ready chain of custody
Documentation suitable for FFIEC, state-DFS, or federal-banking examiner review on request.
Ready to put your financial services ITAD program on autopilot?
Request a pickup or schedule a 15-minute scoping call with our compliance team — no sales pitch, just an honest scope.