CompuCycle is committed to providing solutions for the responsible, effective management and removal of end-of-life electronic assets in a manner that protects the environment, worker health and safety, our clients, and our community, and that protects the confidentiality, integrity, and availability of the information of CompuCycle and our interested parties. As a leading provider of IT recycling, privacy protection and security, and disposal services, we recognize the importance of responsible waste management, ensuring the safety and well-being of our employees, and minimizing the environmental impact of our business activities. Our goal is to provide secure, sustainable, and compliant IT recycling services while adhering to regulatory standards and industry best practices.
1. Purpose
To establish CompuCycle’s commitment to an Integrated Management System that ensures:
- Quality of our services and processes,
- Environmental stewardship and regulatory compliance,
- Health & Safety for employees, contractors, and visitors, and
- Information Security of our data and systems.
By integrating these disciplines under a single QEHSIS framework, we align with ISO 9001, 14001, 45001, and 27001 Annex A controls to drive continual improvement, risk reduction, and compliance.
2. Scope
This policy applies to:
- All CompuCycle offices (Houston HQ, Houston SHRED, and any third-party data centers).
- All employees, contractors, and visitors.
- All processes, products, services, and IT systems managed by CompuCycle (CC).
3. Principles & Commitments
1. Customer Focus & Quality:
- Deliver services that meet or exceed customer requirements.
- Monitor key quality metrics (e.g., ticket resolution times, error rates) and drive corrective actions.
2. Environmental Responsibility:
- Prevent pollution and minimize environmental impact (e-waste recycling, energy efficiency).
- Comply with all applicable environmental laws and regulations.
3. Health & Safety:
- Provide a safe workplace through hazard identification, risk assessments, and incident reporting.
- Ensure all personnel receive appropriate H&S training and use required PPE.
4. Information Security:
- Protect the confidentiality, integrity, and availability of CC’s information assets.
- Implement and maintain ISO 27001 controls (Access Control, Cryptography, Incident Management, etc.).
5. Integrated Risk Management:
- Identify, assess, and treat risks holistically across Q/E/HS/IS domains.
- Utilize a single Risk Register to capture all significant risks and treatment plans.
6. Continuous Improvement:
- Conduct regular management reviews, internal audits, and performance evaluations.
- Leverage lessons learned from incidents and tests to improve the QEHSIS system.
7. Compliance & Legal Requirements:
- Comply with all relevant statutory, regulatory, and contractual obligations across quality, environmental, health & safety, and information security.
4. Roles & Responsibilities
Role | Responsibility |
---|---|
Hamza Haroon - COO & Main Security Contact (Sponsor) | • Approve and resource the QEHSIS Policy and IMS Manual. • Review integrated performance metrics and audit findings. • Ensure top-management commitment to continual improvement. |
Nidhi Shah - QEHSIS Manager (Delegate Approver) | • Maintain the integrated IMS Manual and QEHSIS Policy. • Coordinate management reviews across all four domains. • Chair the QEHSIS Steering Committee. • Liaise with external auditors. |
CommTech ISMS Team | • Lead Information Security aspects (ISO 27001 Annex A). • Support integrated risk assessments and treatment plans. • Facilitate cross-domain audits and corrective actions. |
Quality Assurance Lead | • Monitor service delivery metrics and quality objectives. • Drive corrective/preventive actions for non-conformities. • Conduct supplier quality assessments. |
Environmental Officer | • Track environmental objectives (energy, waste, recycling). • Manage environmental permits and compliance. • Investigate spills or pollution incidents. |
H&S Coordinator | • Perform workplace inspections and risk assessments. • Report and investigate H&S incidents. |
BC/DR & NOC Teams | • Own business continuity and disaster recovery planning. • Execute quarterly DR tests and monthly backup restores. • Report integrated test results to the QEHSIS Steering Committee. |
Facilities Manager | • Ensure physical security and environmental controls (HVAC, fire suppression, leak detection). • Coordinate emergency drills and evacuation exercises. |
Asset Owners & Business Unit Leads | • Identify and classify risks within their domain. • Set domain-specific objectives (e.g., quality targets, H&S KPIs, security metrics). • Review and approve domain control implementations. |
All Employees & Contractors | • Adhere to this policy and related procedures. • Report hazards, incidents, or security events immediately. • Participate in required QEHSIS training and drills. |
5. Integrated Risk Management & Objectives
- Risk Register: A consolidated log of risks across Quality, Environment, H&S, and InfoSec, maintained in ITGlue under “RiskTreatmentPlan_CC_v1.0.docx.”
- Objectives & KPIs: Published annually; progress tracked in BrightGauge dashboards (Quality metrics, environmental KPIs, incident rates, security incidents).
6. Continual Improvement & Review
- Management Review: Quarterly multi-domain review chaired by Nidhi Shah.
- Internal Audits: Annual audits covering all four domains, coordinated by the QEHSIS Manager.
- Corrective Actions: Logged and tracked in ConnectWise PSA under “QEHSIS_NonConformity” tickets.
7. Policy Availability and Communication
- Location: SharePoint → Documentation → QEHSIS →
  - A.5.2.1-P QEHSIS_Policy_2.0.docx
  - IMS_Manual_CC_v1.0.docx
  - Organizational_Roles_CC.xlsx
- Awareness: All staff receive QEHSIS induction training during onboarding and annual refresher sessions.