It is estimated that data volumes double every two years, which means there’s an ever-increasing need to monitor its storage. Understanding where and how your data is stored, even at its end of life, and documenting this in a chain of custody report is a vital step to ensuring compliance to data regulation and environmental legislation. However, a mental record of this data storage doesn’t suffice – you’ll need to have a written record of the whereabouts of this data to comply. Failure to produce a chain of custody when requested could see businesses paying a hefty price. But why is a chain of custody important to IT asset disposal? EOL explains all.
What is a chain of custody?
Put simply, chain of custody in ITAD is a complete and comprehensive record that documents the history of your data, including where digital assets are stored and which individuals has access to these assets. This chain of custody must begin at the moment the digital assets are created, right to the moment of destruction.
Chain of custody applies to any digital asset you may have, from individual data files to thumb drives and computers. You must be able to account for all business data and prove that it was stored correctly at all times.
Chain of custody in ITAD
A record of all data and its whereabouts is important for ITAD as it means that all redundant assets, and the data stored on it, are accounted for. As a result, businesses are able to certify that sensitive business information is disposed of thoroughly, and by an authorised body.
Businesses should also employ the chain of custody to document when data is sent to an ITAD supplier for secure and compliant destruction. It’s important to understand that, while IT asset disposal can—and, in most cases, should—be outsourced, responsibility for your data cannot be, which is why a complete chain of custody report is so necessary.
How strong is your chain of custody?
- Are assets transported in GPS-tracked vehicles?
In order to document the whereabouts of your IT assets, you should be able to track the location of any vehicles used to transport your assets from business premises to the destruction site.
- Is each asset assigned an individual identity?
Your chosen ITAD supplier should assign an individual identity to each of the redundant assets it deals with, rather than identifying your ITAD order in bulk. This means that all items are accounted for and are less likely to go missing.
- Can the ITAD vendor guarantee the location of assets at all times?
It’s important that an ITAD vendor can tell you exactly where each of your assets are at any point in time, and who has access to them at these stages.
- Does the vendor keep a physical copy of interaction with your assets?
Computer failure is not a valid excuse when it comes to failure to produce a chain of custody- both you and your ITAD vendor should keep a physical copy of the chain of custody in case of emergencies.
- Do only authorised IT technicians have access to your assets?
The chain of custody should prove that, at all times, only those that are fully trained handle your data. For this reason, it’s vital that an ITAD supplier can guarantee this.
You must be able to emphatically answer ‘yes’ to each of these questions before you can rest assured that an ITAD supplier can provide you with a service that complies to all necessary regulation.
With over 25 years industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibility and legally.
Contact us today on 0161 777 1000 or visit https://www.tier1.com/services/it-asset-disposal/ to find out how we can help you dispose of your data safely and reliably.