Data security is one of the highest priorities for most IT organizations when it comes to retiring – remarketing or recycling – their physical assets. Disposing equipment without accounting for the data it contains can expose a company to a significant amount of liability. This is especially true for companies in fields where sensitive records are kept, like health care, finance and defense.
Some firms take the safest approach to data security, instituting a policy that, at disposition, every hard drive must be destroyed, often at their own facilities. Other organizations use their internal resources to wipe each hard drive before sending them to an asset disposition partner for remarketing or recycling. They believe this ensures the data never leaves their facility.
These two approaches are secure, but there are other factors to consider, especially for organizations that want to recover some of the value of their retired IT equipment.
What is the best way to ensure data security at disposition? It depends.
You should begin by assessing your company’s internal risk and data security policies, taking into account the compliance requirements of your industry. Also asses the type of equipment for which you are planning disposition. It’s not always necessary to treat all types of equipment the same way. Some organizations, for example, find it makes sense to use different disposition procedures for data center server and array drives and tapes than for client hard drives, because of the type of data typically stored on them. Another consideration is whether the data destruction must occur onsite at your facility or whether secure transport and destruction at the vendor facility provides the risk mitigation your company requires.
If remarketing and value recovery is your goal, you should weigh the cost of sanitizing your drives against the potential return. Even if you are sanitizing your equipment in-house, it can cost your organization a significant amount of resources. Rather than wasting time and resources sanitizing IT assets that have no resale value, consider partnering with an asset disposition provider with a secure process and chain of custody to have them destroyed.
If your organization has a “destroy everything” policy, consider that IT assets lose about 20 to 30 percent of their resale value when they don’t have hard drives. Look at the risks associated with data security and determine if there’s a benefit to be gained with a disposition process that takes into account the value of equipment on the resale market.
Because of the liability involved, these issues are complex, but a good IT asset disposition partner can help you consider all the factors—risk, security, types of technology, costs, and return—and help you make the best decision.
Contact Lifespan for a no-obligation assessment of your ITAD data security processes and requirements.
