Disposing of old technology and the data they hold can be a significant security risk for your company. The method of disposal also present a risk of environmental hazard.  When discarded technology ends up in the wrong hands or gets disposed of improperly, the resulting damages can be costly for companies to remedy.  Disposition and destruction of electronically stored data must comply with numerous complex regulations, including HIPAA/HITECH, FACTA, SOX, GLB and FERPA.  Furthermore, the appropriate method of disposal depends on the type of media.  All these factors make handling disposal yourself a complicated and time-consuming endeavor.  Your time is limited and valuable.  Hiring a certified data destruction company can alleviate your hassles—giving you peace of mind and the time to focus on your company operations.
A certified and compliant data and hard drive destruction company can physically destroy your drives and storage media—rendering them useless and unrecoverable.  This can be done at your company location so that your data never leaves your premises.  Drive components should then be recycled in an environmentally responsible manner.  Another alternative is having your data destruction partner company provide secure transport of your drives and other storage media from your location and performing physical destruction and recycling at its facility.

Software-based sanitization ensures the complete erasure of all data, while maintaining functionality of your devices so that they can to be reused or resold. Both internal and external drives can be sanitized.  A qualified company can wipe over 200 individual drives simultaneously.

Handling, Storage and Audit

Data security for retired assets really starts when you decommission the device.  Who handles it, where and how it is stored, who has access – these are important considerations for your process. This part of the process is often overlooked. Lifespan offers an assessment service that helps companies identify and correct these gaps.

Once your vendor is engaged, you should consider having asset and hard drive serial numbers recorded.  The highest level of security and chain of custody will be to have these recorded onsite before the material leaves your facility.  That may not be practical and it is more expensive, so your company data risk and security profile should guide your decision.  The audit can occur at your vendor facility once they have taken possession.  An audit report from a certified vendor will enable you to track every asset, including individual hard drives and their disposition.

Choosing a Certified Vendor

When choosing a vendor for data destruction, there is really one certification you want to look for. The NAID AAA certification is an audited and rigorous process that ensures your provider is using the most secure and fully compliant practices for data destruction available.

You should also be aware of what happens to your devises after they are destroyed. A Responsible Recycling (R2) Certification will ensure that all the destroyed/ non-working materials get processed properly.

Lifespan provides hardware recycling and disposal, data destruction, hardware resale, and a full range of IT asset disposition services to corporations, OEMs and municipalities nationwide. Lifespan offers companies and organizations the flexibility of handling large quantities of equipment with a customized program and works exclusively with EPA-registered and regulation-compliant downstream partners to maintain the highest standards of environmental protection, as well as full compliance with local, state, and national regulations.  For more information, contact Lifespan.