Section (8) of Appendix A – Downstream Recycling Chain, defines the requirements for qualifying a non-R2 downstream vendor (DSV).

If a non-R2 DSV is providing data sanitization services other than smelting or incineration, that vendor must be annually audited by an independent and competent auditor that has completed one of the following approved data sanitization training courses with annual refresher:

• SERI Lead Auditor Training 
• Introduction to Data Destruction Operations (external link)

Additional training courses may be assessed by SERI and added to the approved list as applicable.