
IT Logistics Glossary

Plain-language definitions for the certifications, standards, regulations, and technical terms you will encounter when planning a data center migration, decommission, or IT asset disposition project.

Compliance & Regulatory

CCPA: California Consumer Privacy Act
California state law giving consumers rights over their personal data, including the right to have it deleted. For IT asset disposal, CCPA requires that personal information stored on hardware be disposed of in a way that renders it unreadable and unrecoverable.
CFR: Code of Federal Regulations
The official body of rules published by US federal agencies. When you see a citation like "45 CFR § 164.310," it references a specific rule in the Code of Federal Regulations. HIPAA's security requirements, for example, live at 45 CFR Part 164.
CPRA: California Privacy Rights Act
The 2023 expansion of CCPA that strengthened consumer data rights and created the California Privacy Protection Agency (CPPA) as an enforcement body. It raised the bar for how businesses must handle — and dispose of — personal data.
FedRAMP: Federal Risk and Authorization Management Program
A US government program that standardizes security requirements for cloud services used by federal agencies. Vendors serving government clients often need FedRAMP authorization, which includes strict data handling and disposal controls.
GDPR: General Data Protection Regulation
European Union privacy law requiring organizations to protect personal data and document how it is stored, processed, and destroyed. US companies that handle data from EU residents must comply. For IT disposal, GDPR requires verifiable data destruction and records of that destruction.
HIPAA: Health Insurance Portability and Accountability Act
US federal law that governs the protection of patients' medical information (PHI). For IT logistics, HIPAA requires that any hardware storing protected health information be handled, transported, and disposed of with documented chain-of-custody and certified data destruction.
PCI-DSS: Payment Card Industry Data Security Standard
A global security standard that any organization handling credit or debit card data must follow. Requirement 9.8 specifically covers the destruction of storage media containing cardholder data — physical shredding or secure electronic wiping, with documentation.
SOX: Sarbanes-Oxley Act
US federal law requiring publicly traded companies to maintain accurate financial records and implement strong internal controls. For IT asset disposal, SOX mandates that records — including those stored on electronic media — are retained according to schedule and destroyed only with documented evidence.

Certifications

BICSI: Building Industry Consulting Service International
A professional organization that provides education and credentials for information and communications technology (ICT) professionals. BICSI credentials (such as RCDD) indicate expertise in structured cabling, data center design, and infrastructure installation — relevant when evaluating rack-and-stack technical teams.
CTPAT: Customs-Trade Partnership Against Terrorism
A US Customs and Border Protection (CBP) voluntary partnership program designed to strengthen international supply chain security. CTPAT-certified companies have reviewed and improved their supply chain security practices against CBP standards. More relevant for import/export logistics than purely domestic transport.
DCCA: Data Center Certified Associate
An entry-level certification for data center professionals, typically covering physical infrastructure, power, cooling, cabling, and safety. It indicates foundational knowledge of data center operations — a useful credential to look for in rack-and-stack technicians.
ISO: International Organization for Standardization
The global body that publishes internationally recognized standards across industries. In IT logistics, the most relevant ISO standards are ISO 27001 (information security) and ISO 9001 (quality management). Certification means an organization's processes have been independently audited against that standard.
ISO 27001: ISO/IEC 27001 — Information Security Management
An international standard that defines requirements for an information security management system (ISMS). ISO 27001-certified vendors have had their information security processes independently audited. Relevant for any logistics or ITAD vendor handling your data-bearing assets.
NAID: National Association for Information Destruction
The trade organization that sets standards for the secure destruction of information in all its forms. NAID AAA Certification is the industry's highest credential for data destruction vendors — it requires unannounced audits of the vendor's actual destruction process, not just self-reporting.
R2: Responsible Recycling (R2 Certification)
An internationally recognized certification for electronics recyclers. R2-certified facilities meet documented standards for data security, environmental compliance, and worker safety when processing end-of-life IT equipment. If your vendor recycles equipment, R2 (or e-Stewards) certification is the minimum standard to require.
SOC 2: Service Organization Control 2
An auditing standard developed by the AICPA that evaluates how a service organization manages customer data across five trust principles: security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type II reports indicate that controls were tested over a period of time (typically 6-12 months), not just at a single point.
TAPA: Transported Asset Protection Association
A global trade association that develops security standards for the supply chain transport of high-value goods. TAPA certification (including TSR for trucking) is widely recognized as the benchmark for secure cargo transport — particularly for IT hardware and electronics.
TSR: Trucking Security Requirements (TAPA TSR)
TAPA's specific certification standard for road transport of high-value cargo. TSR Level A is the highest level, requiring GPS real-time tracking, tamper detection, defined driver security protocols, and third-party audits. It is increasingly required by enterprise and hyperscale clients for IT equipment shipments.

Industry Standards

NIST: National Institute of Standards and Technology
A US federal agency that develops technology standards and guidelines. For IT asset disposal, NIST Special Publication 800-88 ("Guidelines for Media Sanitization") is the most referenced standard — it defines three levels of data destruction (Clear, Purge, Destroy) and specifies which method applies to each type of storage media.
NIST 800-88: NIST Special Publication 800-88 — Guidelines for Media Sanitization
The definitive federal standard for securely sanitizing (wiping or destroying) storage media. It defines three sanitization levels: Clear (software overwrite), Purge (degaussing, cryptographic erase, or secure erase commands), and Destroy (physical destruction). Referenced by HIPAA, PCI-DSS, SOX, FedRAMP, and most enterprise security frameworks.

Security & Data

ESD: Electrostatic Discharge
The sudden flow of electricity between two objects at different electrical potentials — like static electricity. ESD can permanently damage sensitive electronics, including server components, memory modules, and SSDs. Professional IT logistics providers use anti-static packaging, wrist straps, and ESD-safe work surfaces when handling equipment.
PHI: Protected Health Information
Any health information that can identify a patient — medical records, diagnoses, treatment data, billing information — that is created, received, stored, or transmitted by a HIPAA-covered entity. Storage media containing PHI must be disposed of with NIST 800-88 Purge or Destroy-level sanitization and a documented certificate of destruction.
PII: Personally Identifiable Information
Any data that can be used to identify a specific individual — names, Social Security numbers, addresses, email addresses, financial account numbers, and more. Storage media containing PII is subject to data disposal requirements under CCPA, GDPR, HIPAA, and most state privacy laws.
QSA: Qualified Security Assessor
A cybersecurity company or individual certified by the PCI Security Standards Council to assess merchant and service provider compliance with PCI-DSS. QSAs conduct the formal audits that result in PCI-DSS compliance certifications. If your organization handles cardholder data, your QSA will likely review your IT asset disposal process.

Equipment & Technology

HDD: Hard Disk Drive
A traditional mechanical storage device that stores data on spinning magnetic platters. HDDs can be sanitized via degaussing (destroying the magnetic field) or physical shredding. Unlike SSDs, degaussing an HDD renders it permanently inoperable — which is fine for disposal but means degaussed drives cannot be reused.
KVM: Keyboard, Video, Mouse (Switch)
A hardware device that allows a single keyboard, monitor, and mouse to control multiple computers or servers. KVM switches are commonly found in data center rack environments and are included in rack inventories during decommissioning. Some KVM switches store configuration data that should be wiped before disposal.
NVMe: Non-Volatile Memory Express
A high-speed storage protocol and form factor used in modern enterprise and consumer SSDs. NVMe drives connect directly to a server's CPU via PCIe lanes, making them significantly faster than traditional SSDs. From a data security standpoint, NVMe drives require the same sanitization approach as SSDs — cryptographic erase or physical destruction.
PBX: Private Branch Exchange
A telephone switching system used within a business to route internal and external phone calls. PBX systems are common in office environments and are typically decommissioned as part of office IT teardowns. Modern IP-PBX systems may store call logs and voicemail data that require secure wiping before disposal.
SSD: Solid-State Drive
A storage device that uses flash memory chips instead of spinning magnetic platters. SSDs cannot be sanitized by degaussing — there is no magnetic field to destroy. Proper sanitization requires cryptographic erase (for self-encrypting drives), manufacturer-specific secure erase commands, or physical shredding/destruction.
UPS: Uninterruptible Power Supply
A battery backup system that provides emergency power to connected equipment when the main power source fails. UPS units are standard in data centers and server rooms. They contain large batteries that require specialized disposal due to environmental regulations — they should not be included in standard IT equipment recycling.

Logistics

DNS: Domain Name System
The internet's "phone book" — it translates human-readable domain names (like powerroute.com) into the IP addresses computers use to communicate. During a data center migration, DNS records for affected systems must be updated as part of the cutover process. Reducing DNS TTL (Time to Live) before a migration speeds up propagation of those changes globally.
DR: Disaster Recovery
The set of policies, tools, and procedures to enable recovery of critical IT infrastructure after a disruption — hardware failure, natural disaster, cyberattack, or facility loss. DR planning often involves establishing a secondary data center site, which requires the same specialist logistics capabilities as a primary deployment.
GPS: Global Positioning System
Satellite-based navigation technology that provides real-time location tracking. In IT logistics, GPS tracking on transport vehicles is a security baseline — it enables real-time monitoring of equipment in transit, geofence alerting for route deviations, and documentation of chain-of-custody during transport. TAPA TSR requires GPS tracking on vehicles moving high-value cargo.
ITAD: IT Asset Disposition
The business of managing end-of-life IT equipment responsibly — including data destruction, value recovery through remarketing, and certified recycling. A legitimate ITAD provider issues serialized certificates of destruction and holds recognized certifications like NAID AAA, R2, and e-Stewards. ITAD is not the same as "throwing old hardware away."
SLA: Service Level Agreement
A formal commitment between a service provider and a client that defines the expected level of service — response times, uptime guarantees, on-time delivery rates, and remedies if those standards are not met. Always get SLA terms in writing before engaging a logistics or ITAD vendor for critical equipment.
