If you were tasked with the disposal of enterprise hard drives would you know exactly how to dispose of it in a secure, compliant and environmentally responsible manner? Would this process have asset tracking technology and reporting in place for this process?
It is important to have confidence in your company’s IT asset disposition (ITAD) program. Organizations without a written ITAD policy may not know where to begin. Creating an ITAD program from scratch can be intimidating and even if a program is in place, you may feel a lack of confidence that it is sufficient.
The reason for this, is the diverse set of considerations involved in maximizing the value of IT devices and preventing data exposures. A recent Ponemon study revealed that 40 percent of companies surveyed globally suffered a data breach involving sensitive customer or business information in the past two years1. This is unfortunately a rising problem today so the more proactive you can be, the better.
Follow these steps to spark momentum on building a custom ITAD program from start to finish.
STEP 1: Understand IT inventory and refresh cycles, companywide.
Having a good understanding of the company’s inventory will greatly help during the ITAD process. Consider any/all IT-related items which will not only include PCs and mobile devices, but also data center equipment including servers, storage arrays, routers and switches. Consider how often these devices are regularly replaced to help understand how often an e-waste disposal and recycling service is needed.
Also consider any IT assets that are leased. If you manage leased equipment inquire about their lease return management services to ensure they are considering your company’s data security within their disposition process.
STEP 2: Consider your priorities.
When it comes to ITAD, what is the company most concerned about? Data exposure? Lack of compliance? While all ITAD services are important, your company may need one part of a service more than another. Priorities may include the following:
- Ensuring Compliance – While compliance is required for all businesses, legislation can apply more to certain companies or industries. A new legislation in effect May 2018 is the General Data Protection Regulation (GDPR). GDPR will soon be enforced for anyone who handles, stores or processes the personal data of European citizens, no matter your business’ location. If you are unfamiliar with legislations, such as GDPR, be sure to research and consult with an expert to ensure the company is managing all IT equipment accordingly.
- Securing Data – When it comes to data security, your company can choose to go above and beyond what’s required. There are high-security ITAD options available which eliminate risks of data exposure. One popular service offers bulk hard drive shredding that can be completed on-site. This on-site service can provide data destruction for thousands of units, within hours.
- Maximizing Equipment Value – Some data destruction options, such as shredding and degaussing, render a device obsolete leaving no choice other than to recycle shredded components. However, if your company wants to focus on maximizing the value of IT equipment, they may choose a service that can protect data, and allow for reuse of that equipment.
- Recycling Responsibly – Reuse is the most environmentally-friendly option for working devices. Then once a device becomes obsolete, some companies may want to spend their time focusing on ensuring their IT equipment is managed sustainably, working towards a circular economy.
STEP 3: Select a service based on the company’s priorities.
Finding services that match the company’s priorities is important to ensure all business needs are satisfied. If your company wants to focus more on end-of-life recycling, find the vendor with the best state-of-the-art e-waste recycling process. If a need for global ITAD services exists, find a vendor who can accommodate this on a larger scale. Include these specifications when distributing an RFP for an ITAD program and make sure the questions reflect the company’s preferences. This can help you select a service that is aligned with business priorities.
STEP 4: Create and enforce an ITAD policy.
Once you’ve selected an ITAD partner, it is smart to create a policy to standardize and enforce the process companywide. If you’re managing multiple sites, put an ITAD policy in writing and distribute it to a representative from each site. Include vendor contact information so they have the details they need to schedule a service when the time comes.
STEP 5: Review the program regularly.
ITAD services continue to evolve along with technology. When new models are introduced, pre-existing models become outdated. Services, legislation, obstacles and standards are constantly changing and so may the company’s priorities. It is smart to review and analyze if a service is working on a regular basis to ensure corporate devices are managed effectively.
It’s important to get a strong ITAD program in place. Taking time to organize and plan a process will pay dividends in the end when the time comes to replace IT equipment.
Click here to learn more about GDPR and how it might affect your ITAD program.
Sources: