In a world post GDPR, IT Asset Disposal (ITAD) is of increasing importance to ensure that sensitive data, regarding both your business and your clients, is protected. Whatever the nature of your business, data protection is the ultimate aim, but specific ITAD best practices vary between industries, and the optimal disposal process will depend on your business and the devices in question.
While IT asset disposal concerns equipment at its end-of-life, any successful data security process starts as early as possible. The same goes for IT asset management processes- start from the very moment a new piece of IT equipment enters your company. Whether that’s a new hard drive in your data centre, or a new printer in your office, it’s important to establish a plan as early on as possible.
Choose a reliable ITAD service provider
Even if you’re a small business with relatively low IT asset turnover, keeping ITAD in-house is always somewhat of a risk. There’s no denying that you understand the value and sensitivity of your business data, but you won’t necessarily understand how to best deal with specific equipment. You can’t always rely on overwriting for secure data erasure- certain items will require physical destruction, such as hard drive shredding. Even if you do know which equipment requires which method, you won’t necessarily have the tools to perform it.
Instead, you should choose a reputable and certified ITAD vendor. This provider should be experienced in data destruction and end-of-life disposition in your industry, and should be able to provide examples of previous work, with testimonials to back this up. A reputable ITAD partner will also always offer up a certificate of destruction as assurance that they have executed their job of data erasure effectively.
Resell and recycle
Just because an asset has reached its end-of-life in your business or department, that isn’t to say it couldn’t be useful to someone else. Reselling redundant equipment is a cost-effective way to earn some returns to maximise your return on investment (ROI) and offset the cost of your new equipment, while helping to reduce e-waste in the process. All good ITAD companies will offer support with the resale process, helping you to understand the value of your items and identify the best markets and buyers for your specific items. Even if your equipment isn’t suitable for resale, you may still be able to donate to the likes of schools and charities for further use.
In circumstances where reuse isn’t an option, you may be able to recycle your equipment. However, it is of vital importance that the recycler, or your ITAD partner, is certified to recycle such equipment effectively and responsibly. Nevertheless, whether you resell or recycle redundant equipment, it is vital that all data has been erased effectively from your hardware.
Maintain a chain of custody
A chain of custody paper trail is of high importance in any ITAD program, as it documents where equipment is and who is responsible for it at all stages of its lifecycle. Your ITAD partner should be able to provide guidance on how best to record this, but it should always be as detailed as possible. It should follow the equipment from the moment it enters your business to the moment that it is destroyed, recycled or resold.
This chain of custody isn’t just valuable for keeping track of your equipment, it can also act as evidence if you were to need it as proof of your due diligence at a later date.
Comply with environmental regulation
Around 40 million tonnes of e-waste is generated every year, which is why disposal of equipment should always be the last resort. In the event that disposal is the only viable option, it’s vital that you approach this in a way that is both environmentally responsible and legal. Your ITAD partner will need a waste carriers licence and should also hold certification to prove its adherence to environmental regulations, ISO 14001 and the Waste Electrical and Electronic Equipment (WEEE) Directive.
In an ideal world, and for most businesses that have a sound IT asset management process, data breaches will not be a problem. However, it’s important that you take due diligence at all times, testing for any vulnerabilities in your process and working to fix these as soon as possible. If you do suspect that there has been a data breach, you should notify the ICO as soon as possible. While you may still be subject to penalties, it can work in your favour to demonstrate the will to cooperate.
Educate Your Employees
Even if you do have a dedicated team that deals with your IT equipment at its end of life, ensuring that your wider team of employees understands what ITAD is, why it is important in the wider issue of data security and the impacts of not getting it right. You should educate staff on the standard ITAD protocol for your business, and the steps they should take if they believe a device has reached its end of life.
Of course, there will be other more specific factors to consider, depending on the sector in which you operate. However, implementing these ITAD best practices, regardless of your industry puts you in the best starting place when it comes to the protection of your business data, maximising your ROI and minimising environmental harm as part of your ITAD process.
With over 25 years industry experience, tier1 is the most accredited ITAD supplier in the UK. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibly and legally. We also ensure that our clients recover maximum residual value from their redundant IT assets through our resale services.
Contact us today on 0161 777 1000 or visit https://www.tier1.com to understand how we can help you with all your ITAD requirements.