So it is time to retire mobile devices at your company. Whether you have 25 or 1,000 mobile devices that have reached end of life in your organization, what do you do? If you have ongoing CYOD or corporate-assigned device upgrades, how do you know you are handling the disposition properly?

All corporate-owned and issued technology assets, including smartphones and tablets, should be held to the same standards as computer equipment when it comes to disposition. Mobile devices contain sensitive company and employee data, and if not correctly purged of information, or the factory reset isn’t performed properly, a huge vulnerability remains. And you are required to ensure environmentally compliant recycling of mobile devices, just as you are for other IT assets.

Whether the mobile assets were purchased from a carrier or through another service provider, it is the responsibility of the mobile device asset manager to make sure data is wiped from the devices.

In most cases, remarketing is a viable option, and the preferred choice of disposal because of the return on investment. If a device is not properly erased or a cell phone number is still attached to the device once it is reset, data is in the hands of the new user. The process should be done by a certified vendor that provides proof in the form of an erasure or destruction report, proof that will pass an internal or external audit. Additionally, don’t hold onto your smartphones—the sooner you get them resold, the higher your return on investment. The smartphone market is constantly changing and smartphones lose value rapidly as time passes.

There is a misconception that SSDs and flash drives inside most smartphones and tablets cannot be fully erased. Fortunately there are established, tested and certified technologies that flash the firmware and reset the device to factory settings, entirely destroying the data on the device. An electronic report is provided once the erasure is completed successfully. This gives you an audited report of data destruction for all devices. Read our white paper for more information on the subject and how to mitigate risk.

If your organization requires on-site (at your office) erasure or destruction for mobile devices, both can be performed securely on-site as well as off-site. Your ITAD partner will provide you with a full audit report that details the devices received, the data erasure and disposition.

When searching for an ITAD vendor, look for certifications like NAID AAA,  e-Stewards and R2:2013, which ensure the vendor’s processes meet the government standard NIST 800-88, as well as industry regulations that your company must adhere to such as HIPAA, HITECH, PCI and others. To learn more about mitigating risk in disposition of all assets, download our free white paper Guide to Minimizing the Risk of IT Asset Disposition.