One of the goals of the new R2v3 Standard is to clarify requirements and intended outcomes. In areas where more explanation is needed the intent is to incorporate additional detail into the standard to reduce reliance on separate reference documents. Data destruction is one such area where R2v3 will incorporate requirements rather than rely on another source. In areas where customer demand and/or a changing regulatory environment are driving change (such as data security), requirements will be more specific about the expected outcomes. While these changes will add to the length of R2v3, they will also eliminate (or significantly reduce) reliance on other documents, making R2v3 more user-friendly.
One of the strengths of the R2 Standard is that it recognizes there can be multiple, equally effective ways to meet requirements and achieve desired outcomes. This approach has not changed – R2v3 is not overly prescriptive in specifying the “how” but instead clarifies the “outcomes” in areas where further explanation is necessary. This outcome-based approach continues to allow for innovation in the industry, will further improve conformance of R2 certified facilities, and will ultimately increase customer confidence in R2 certification.