Amanda Tischer-Buros (00:13)

Welcome back to The Vertical Advantage, our podcast series from Dynamics where we break down what really happens with your old tech and what this means for you. I’m your host Amanda Tischer Burros, VP of OEM Solutions. At Dynamics, we help businesses recover value from their equipment, keep data secure, and give electronics their next best life. If you’re tired of juggling this, you’re managing IT assets, handling compliance, or running a data center, this is for you.

Today we’re talking about selecting a partner in high stakes environments like IT management, electronics recycling, or data center decommissioning. The question isn’t just, do they meet the baseline certification requirements? It’s, will they still hold up when expectations rise or conditions change?

Today I’m joined by Mary Hemmersbach, our VP of Technology. Mary and I have both spent a lot of time thinking and talking about how expectations are changing and how meeting the minimum just isn’t enough anymore in the environments our customers operate in. Let’s get started. Mary, why is it important to talk about certifications and their value to our partners?

Mary (01:14)

Hi, Amanda. Thank you so much for inviting me into this conversation. I’m really excited to dive into this topic because this is where our culture, our operations, and our customer first mindset really come together. You know, one way I like to think about certifications in our industry is kind of like a funnel. ⁓ At the top, there’s a wide group of providers that meet our baseline requirements, what most people would consider table stakes. ⁓ Those certifications are important, but they’re also becoming more and more common.

As you move down that funnel, the number of providers narrows and expectations rise. The investment required into the systems, the people, processes, and overall discipline goes up significantly. At the bottom of the funnel, certifications really stop being about marketing or checking a box. They are increasingly about proof. Proof that your operations can hold up under real scrutiny, under pressure, and when something doesn’t go as planned.

That’s where we choose to operate. We started our certification journey back in 2009, and that longevity matters. These aren’t bolt-on efforts for us. Certifications are embedded into how we design our processes, how we train our teams, how and where we’re investing in technology and making decisions, always with our customers at the forefront of our minds. For our partners, that translates into confidence and peace of mind.

When they trust us with their assets, their data, and ultimately their brand and reputation, certifications really do help demonstrate that trust is well-placed.

Amanda Tischer-Buros (02:46)

Yeah, thanks, Mary. I love the idea of that funnel visual. I think understanding that expertise and confidence continues to grow with those vendors as you go further down the funnel is a great way to provide sort of an image in your mind for how we’re trying to describe that. So with all of that in mind and the work that you’ve done in this area, where do you see the industry heading right now?

Mary (03:09)

Yeah, the risk is very real and that’s what’s driving this shift. We’re seeing more and more data breaches across multiple industries, multiple segments, ⁓ not fewer, unfortunately. According to recent industry reporting, the average cost of a data breach is now over $4.5 million. And that number continues to climb even higher in regulated industries or when there are third parties involved.

What’s especially important here is that a significant percentage of breaches now trace back to vendors or partners, not internal systems. In environments like IT asset disposition, electronics recycling, or data center decommissioning, the risk goes far beyond logistics. These assets still contain data, they still touch systems, and they still represent brand risk even if something goes wrong. At the same time, there is much stronger connection between technology and compliance than there used to be.

Customers aren’t just auditing how their physical assets are handled anymore. They’re auditing how their partners are managing their own internal systems, access controls, monitoring, and incident response. That shift is raising expectations across the board. It’s no longer enough to say, we’ve never had an issue. Customers want to see structured, repeatable proof that risk is actively being managed and proactively being addressed.

Amanda Tischer-Buros (04:32)

Great points and I think some of those stats are staggering right when we look at what the potential risk to customers their brand could be So it’s really helpful to understand what that looks like Do you have examples of steps we’ve taken ahead of maybe formal requirements and how that’s ended up benefiting? Customers or set a higher bar for the industry

Mary (04:52)

Yeah, absolutely. We have several examples where Dynamic chose to invest ahead of formal requirements because it was the right thing to do for our customers and our partners. One strong example is our investment in internal shredding. By bringing shredding in-house, we reduce third-party risk and strengthen our vertical integration. For customers, that means one vendor, one process, and one clear chain of custody, which directly supports confidence and audit simplicity.

We’ve taken a similar approach in other areas. Specifically, we’ve implemented GPS tracking well before it became an industry expectation. And that decision gave customers greater visibility, improved chain of custody documentation, and a reduced risk during transportation, long before it was ever formally required. And lastly, another example is our Carbon calculator. We didn’t build that because we were forced to. We built it because customers that were asking for better data, better reporting, and better insight into the environmental impact of their programs.

That tool allows us to provide customers the quantification of their outcomes in a way that supports internal reporting, ESG goals, and executive conversations. In all of these cases, the investment was about anticipating customer needs and removing friction before it ever became a problem.

Amanda Tischer-Buros (06:09)

Yeah, that’s great. Those are really good examples that show the array of things that dynamic has looked at over the years and focused on solving problems for our customers or creating formal processes before the industry suggests that these processes exist. And I love the idea of looking at shredding, at carbon calculation, and then GPS tracking, downstream management and risk, because those all solve very different problems for our customers.

It’s a good example to show how Dynamic looks at that risk across varying areas of our business and look to solve areas that are impactful, maybe not just in one lane, but are impacting our customers across the level of businesses that we do. So that’s awesome. Great example. Thank you. ⁓ Kind of maybe switching gears a little bit or kind of getting deeper into the risk that we’ve talked about when it comes to data. So Dynamic holds industry-leading certifications, nine in total.

Spanning environmental data and security standards with SOC 2 and ISO 27001 clearly sit in a different category. Can you talk about how customer risk, not just internal ambition, drove the decision to pursue these newer certifications?

Mary (07:22)

Yes, we have a lot of certification when it boils down to it, but really it isn’t about the number of certifications that we hold. I like to view it as more of the purpose behind them. SOC 2 and ISO 27001 sit in a different category because they directly address customer risk in a more comprehensive way. For many organizations, traditional certifications are sufficient. They demonstrate good practices and operational maturity. But as a

As customer environments have evolved, expectations have changed, which we’ve talked about a little bit earlier. But customers started asking different questions, not just, can you do the work, but can you prove you manage risk at the same level we’re held to internally? They needed assurance that their partners weren’t introducing gaps into their own compliance or security postures. SOC 2 and ISO 27.1 provide that assurance in a structured, recognized, and repeatable way.

They create a shared language around risk management, security controls, and governance, which makes conversations clearer and audits smoother for everyone involved across multiple different customer segments and industries.

Amanda Tischer-Buros (08:31)

So what changed in our customer environments that made these frameworks necessary or the next step for Dynamic

Mary (08:39)

Yeah, great question. ⁓ I think several things have changed at the same time. Technology turnover is happening faster than ever. Assets are moving more frequently, data lives in more places, and systems are increasingly interconnected. At the same time, organizations are under more regulatory pressure and greater public scrutiny than ever before. ⁓ Customers are now being held for the full life cycle of sensitive information.

Not just while assets are in their possession, but after those assets leave their facilities. That accountability extends directly to their partners. And as a result of that, informal or loosely defined controls aren’t enough anymore. Customers need partners who operate within strong, formalized security and governance frameworks. Frameworks that can also scale as programs grow and withstand deeper levels of scrutiny.

Amanda Tischer-Buros (09:29)

Great, thank you. That was very well stated and easy to understand. So for listeners who are out there thinking, this sounds familiar, what are some real world situations that could signal it might be time to take a closer look at your partner’s certifications?

Mary (09:44)

There are some very common signals we see and we hear about. Rapid growth or scope expansion is a big one, especially when programs move from pilot to enterprise wide. Increased data sensitivity, evolving regulations and new geographies can also raise the bar quickly. Another signal is visibility. When programs start getting executive or board level attention, risk tolerance tends to tighten. Leaders want fewer unknowns and fewer assumptions.

So multi-site or multi-year initiatives often expose gaps as well. Those are usually the moments where certifications move from being nice to have to truly essential because they provide consistency, structure, and defensibility over time. So as I think about our customers or our partners that we support, as they’re growing, they can extend some of this ⁓ obligation to a trusted and certified partner like Dynamic to help support them along their growth journeys as well.

Amanda Tischer-Buros (10:39)

That probably helps a lot with peace of mind. So as we think about that, and we think about being audit ready as a mindset, not a one-time event. For those listening, what does this actually remove from their day to day or provide peace of mind for them? What stress or uncertainty goes away when you work with a partner who is audit ready?

Mary (11:00)

Yeah, dynamic operates as if we could be audited at any time because the reality is we oftentimes are. Last year alone, we completed over 40 audits, which is nearly once a week when you think about it. Because of that, our processes don’t change when an audit is scheduled or when an auditor shows up at our front door. There’s no scramble. There’s no special preparation. There’s no temporary workarounds. Our partners can walk into our facilities any day of the year.

You see that same discipline in consistent operations. And we oftentimes do open up our doors at any time to our customers. It lets them focus on their own responsibilities instead of managing vendor risk. We will take that from them.

Amanda Tischer-Buros (11:40)

Great points, thank you. customer environments become more complex, regulated like you mentioned earlier and visible, how does dynamic evolve alongside?

Mary (11:50)

As an industry leader, we take that responsibility very seriously. We see it as our role to help shape what good looks like, always with our customers at the center. That means investing ahead of the requirements, supporting larger and more complex programs, and designing our operations that can withstand higher levels of scrutiny as the expectations rise. SoC2 and our ISO 27001 aren’t endpoints for us. They’re enablers that give us the structure and the discipline needed to support for what’s next.

Whether that’s more complex data center environments, tighter regulatory oversight, or deeper integration with our customer systems so that we ultimately can become easier for them to use. Ultimately, our goal is simple. To be a partner, customers can rely on when the stakes are high and uncertainty is not an option.

Amanda Tischer-Buros (12:38)

Great. Thank you very much, Mary, for your insights today. So as we wrap up this episode of the Vertical Advantage, one thing really does stand out. Raising the bar isn’t about collecting credentials. It’s about meeting evolving customer needs and building operations that hold up when expectations rise and stakes are high. Certifications like SOC 2 and ISO 27001 matter, but the real advantage is the confidence and clarity.

They give customers who can’t afford uncertainty. So we want to thank Mary Hammersbach for being with us today and giving us some great insights into these certifications and others and being audit ready in a time where customer requirements are always evolving. So thank you for listening and we’ll see you next time.