Since the GDPR came into play in 2018, businesses are highly aware of the importance of dealing with data appropriately to safeguard both business information and that of employees and clients. Secure passwords, 2-factor authentication (2FA) and anti-phishing training are simple steps that organisations can take to heighten security measures. However, one equally important aspect that can often be overlooked is the importance of the chain of custody when managing your IT assets. A common reason for this is that people simply don’t understand how the process works or why it is so crucial. Let’s take a look at exactly what a chain of custody is and whether you’re doing enough to protect your data.
What is a chain of custody?
Put simply, a chain of custody is the complete history of where your IT assets are, have been, and who is currently responsible for them, from the moment they are created to the moment they are destroyed. The chain of custody follows this journey step-by-step to offer a comprehensive inventory, including any changes to the asset along the way. It’s important to note that ‘destroyed’ means disposing of the asset through a compliant programme that assures the asset’s destruction, rather than simply throwing it away.
Why is a chain of custody important?
It’s estimated that business data volumes double year on year, and with data volumes predicted to reach 175ZB (zettabytes) by 2025, it can be difficult to keep track of who is accountable for the data in your company and where it is stored. A comprehensive chain of custody takes care of that- and it also minimises your chance of falling victim to a data breach.
Failure to present a comprehensive chain of custody could result in hefty fines, regulatory investigations and damage to public reputation, but that isn’t the only reason the chain of custody is important. These documents demonstrate accountability for assets and the data stored on them which, in turn, shows that data is being properly stored and protected.
In the long run, this can have other benefits for your business. Essentially, this chain of custody encourages good practice when it comes to data protection, significantly reducing the risk of leaking sensitive information about your business, employees or clients.
These paper trails can stand up as evidence of due diligence in court, if you ever were to need it, which demonstrates the importance further.
How to maintain an effective chain of custody
A chain of custody should detail exactly how your data and assets are stored at all points in its life cycle and, while you can take due diligence to make sure of this all the while assets are on business premises, this may be more difficult when you get to the point of destruction.
It goes without saying that you’ll need to choose a reputable and reliable ITAD provider to ensure that your data is dealt with appropriately at its end of life. But how can you be sure that the provider has the correct processes in place for this? Of course, you check for certification and read client testimonials, but you should also ask the supplier a number of questions yourself, covering:
- How the provider guarantees complete destruction
- Who has access to your assets during the destruction process
- How the provider tracks each individual item
- What choice you have over the geographical location of asset storage or destruction
- What steps the provider takes to protect data in the event of a computer failure
With over 25 years industry experience, tier1 are proud to be the UK’s most accredited ITAD provider. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibly and legally.
Contact us today on 0161 777 1000 or visit https://www.tier1.com to find out how we can help you dispose of your data safely and reliably.