10 top tips for the secure disposal of IT and media assets

Whitepaper

Top tips for building a secure, compliant, and sustainable IT asset disposal strategy.

16 May 202212 mins
10 Top Tips For The Secure Disposal Of IT And Media Assets

Is it time to rethink your secure IT and media asset disposition (ITAD) strategy?

The prospect of retiring old technology is usually the last thing people think about when they’re buying and implementing something new. Yet with growing public pressure on enterprises to rethink how they approach electronic waste management, IT professionals now need to think carefully about how they dispose of their used assets. Aside from the environmental impact of e-waste, they also need to address the balance between maintaining data confidentiality while managing the cost of disposition. Here are 10 points to consider when securely disposing of end-of-life IT and media assets:

1. Begin with the end in mind

Very few organisations count disposal in the total cost of implementing new hardware and media assets. When you factor in the costs of achieving compliance and ensuring proper data sanitisation, retiring old equipment can be almost as expensive as buying it in the first place. By beginning with the end in mind, you’ll have a better view of the long-term costs while having ample opportunities to optimise your ITAD strategy.

2. Remember the risks

Retired IT or media assets contain highly sensitive information, which can easily be recovered if not securely erased. Not only could this result in a breach of GDPR and other privacy laws; it could also cause serious harm to your brand reputation and corporate social responsibility. The risks should be identified and managed throughout the full lifecycle of the hardware; not just at the beginning.

3. Implement secure ITAD policies

Without an up-to-date policy, which aligns with current business processes, the disposal of old IT or media assets will lack the standardisation it needs to ensure a safe, sustainable, and consistent process. The policy should cover security, storage, and logistics, and it must name all your vendors. Your policies will also allow you to generate reports on outcomes. Everyone charged with managing and tracking ITAD must be adequately informed.

4. Seek relevant knowledge

Depending on the size and characteristics of your organisation, some ITAD providers may not be able to accommodate your capacity requirements. You also need a partner who is familiar with local data privacy and security laws and can work with the volume and types of devices you’re retiring. This can be especially challenging for established enterprises which are retiring media assets that are no longer widely supported.

5. Erase data securely

Formatting devices or resetting them to factory defaults isn’t enough to delete data, as it can easily be recovered using specialised software. Incorporate a data erasure process that is compliant with industry standards like DoD 5220.22-m and NIST 800-88. It’s important to think beyond magnetic media to address the unique security challenges of wiping other forms of digital storage, such as SSDs. Similarly, shredding alone isn’t enough to sanitise tape media.

6. Educate your employees

Poorly informed employees are the weakest link in any information security strategy, and ITAD is no exception. You need to take steps to ensure that retired data-bearing assets cannot be identified to your organisation and its customers and, most importantly, don’t end up in the wrong places. All employees and partners must be aware of your policy and understand why and how used IT and media assets must be safely disposed of.

7. Support the circular economy

If a device has undergone complete sanitisation and proof has been provided in the form of a certificate of destruction, the device should be safe to remarket. It costs less to remarket or reuse old IT assets than it does to recycle them, but you may want to be wary of getting locked into a vendor by way of a tradein program. By choosing a vendor who allows you to reclaim monetary value from retired equipment, you can also offset some of the costs of disposition.

8. Track your assets

IT asset-tracking and lifecycle management should start the moment any data-bearing device enters into a company’s possession. When sending items for off-site disposal, be sure to tag and track every individual device with a unique barcode and dedicated transportation. Your ITAD partner should also do this for you to provide complete end-to-end visibility and reporting throughout the process.

9. Think beyond recycling

With e-waste becoming a growing concern, focusing on recycling alone isn’t enough. Not only does recycling itself consume energy – it eventually reaches a point of diminishing returns. Instead, you should focus on closing the loop to drive a circular economy, prioritising reuse before remanufacturing, recycling, or disposal.

10. Choose the right partner

The disposal of retired IT and media assets should be handled by a dependable partner. This will ensure compliance with regulations like WEEE, ROHAS, and ISO 270001. But choosing the right supplier will help you maintain your corporate social responsibility (CSR) and offset the costs of disposition by supporting the circular economy. Some partners can also help you manage the rollout of new systems to provide full support throughout the technology lifecycle.