4 Steps to Reduce Key Risk Factors for IT Asset Disposition

Disposing of a company’s IT assets can be a big challenge, partly because of the sometimes overlooked risks associated with it. Retired assets may pass through a number of people, and even locations, before reaching the final disposition point. There are several steps in the process to investigate, and several hurdles to overcome. If the process is not planned and managed carefully, an organization may face the risks that come with IT asset disposition (ITAD): lost revenue, non-compliance with industry regulations and failed audits, corresponding fines, data breach, or environmental violation.

Safeguard your IT asset disposition process to reduce the risks involved. Here are four best practices to follow.

Choose a Certified Vendor for Data Destruction

Organizations can destroy data in two ways: (1) physical destruction of data-bearing drives; and (2) data sanitization or erasure.

While both meet government and industry data security standards, the latter is often preferred for its cost-benefit. When you partner with a qualified ITAD vendor that offers certified data erasure services, you tap outside data security expertise and free up your IT staff for other crucial tasks.

The expertise, training and rigorous process you get with a certified ITAD vendor ensure that the data sanitization process is done right. The NIST 800-88 standard, which defines the process for destroying the data on the drive (or media), should be the basis for any data destruction process, whether your team or your ITAD vendor performs it. It is a standard, not a government certification, that when met will ensure reliable data destruction.

Certification, in the US, comes from the National Association for Information Destruction (NAID). The NAID AAA certification requires vendors to meet the NIST 800-88 standard, and also includes standards for the entire process, handling and documentation of the data destruction. Partner with vendors that have achieved the NAID AAA certification to reduce risk and ensure a secure IT asset disposition process.

Choose a Certified Electronics Recycler

For hard drives that have been destroyed and for assets that cannot be refurbished or remarketed, your organization is liable for their final disposition – even if you’ve handed them over to a vendor who says they do the right thing. A certified electronics recycler offers a viable solution for managing the risk of environmental non-compliance. It’s quite easy. Simply look for vendors that carry these two leading certifications: e-Stewards and/or R2/RIOS.
Both of these certifications include detailed review and inspection of a vendor’s facilities, procedures and work environment by third-party auditors.

Require one or both. Be sure your electronics are not ending up disposed of illegally.

Get Detailed Reports for Every Disposition

IT Asset Management, Finance, IT/Data Security and regulatory auditors may require detailed documentation of each disposition. Be sure your ITAD vendor can provide the reporting you need for each disposition, as well as for other reporting periods such as quarterly or annually. Make sure any “Certificate” you have received is backed by third-party certifications (see above).

Make Sure Your Vendor Can Support All of Your Locations

A single vendor, with a standard set of processes – matched to your corporate requirements – can ensure that every disposition in every location is performed as required. Small offices, remote locations, and non-headquarters locations need assets removed at end of life, and these assets pose the same risks. A program approach with a single ITAD vendor will lower the overall risk of ITAD by delivering consistent, compliant services.

 
