Your best protection against data centre ITAD risk is a secure chain of custody

Blogs and Articles

A disciplined approach to data centre decommissioning involves an ongoing process that protects against data breaches, contributes to sustainability goals and maximises the potential to recover value from equipment no longer needed. Having a secure chain of custody provides complete visibility on assets' physical location from an initial audit through final disposition, ensuring data security.

29 July 20247 min
Your best protection against data center ITAD risk is a secure chain of custody

Data centres are constantly upgrading equipment to keep up with the need for faster speeds, greater storage capacities, increased energy efficiency, and enhanced security. However, the flip side of progress is that older equipment needs to be retired. This process carries risks unique to data centre environments, ranging from data security, unrealised resale value, and environmental impact.

The greatest risk exists during the transition from active use to the end-of-life phase. Each step—data destruction, decommissioning, packing, transportation & shipping, and value recovery —requires procedures to ensure data security, minimise the risk of damage, and promote circularity or the maximum reuse of equipment and componentry.

Data Sanitisation

Ideally all data is sanitised before equipment leaves the data centre. Some IT asset disposition (ITAD) experts use enterprise-grade sanitisation software onsite to wipe all storage types in parallel delivering data erasure within a few hours or days compared to the weeks or months it might take to erase each asset individually.

When it is not feasible to sanitise all data prior to transporting equipment, an ITAD provider that guarantees a secure chain of custody is imperative. To ensure compliance, the vendor should be able to provide demonstrated and established workflows with evidence of data sanitisation, certified audit trails for each asset, and a fully traceable process from decommissioning and transportation to wiping and final disposition.

When physical device destruction is required, an ITAD expert can provide on-site or off-site shredding of hard drives, tapes, and other storage media with documented certificates of destruction.

Decommissioning

As servers, storage units, and networking equipment are powered down and removed from their racks, a disciplined process is needed to ensure that equipment is fully accounted for and the risk of data compromise is minimised. Before decommissioning, create a comprehensive inventory of all data centre assets, including servers, storage systems, networking gear, backup tapes and racks. Records should include serial numbers, dates and plans for final disposition. Equipment de-racking and rack removal should be performed by qualified personnel to minimise the risk of damage.

Packing

Transporting data centre equipment requires specialised knowledge. Expensive and sensitive components need to be protected against heat, dust, and humidity. Improper equipment handling during transportation can cause damage that impacts resale value. A secure logistics provider should use eco-friendly materials customised for moving equipment, furnish protective padding for safe transport, clearly label each item for easy tracking during shipment, and provide round-the-clock security. Specialised floor matting should be used during the packing processes within the data centre to ensure floors are not damaged by the movement of heavy equipment.

Transportation & Shipping

The greatest risk to data security occurs when the equipment is out of your possession. A secure transportation vendor should meet your requirements for timeliness, data security, tracking and reporting while maintaining the flexibility to accommodate unique needs. A secure transportation vendor guarantees reliable pickup and delivery schedules with secure handling protocols during transportation to safeguard equipment and data. Detailed tracking should be furnished for all items in transit.

Asset Processing and Value Recovery

Once an asset reaches an ITAD facility for processing, it should be received and inspected. A certified ITAD provider will provide clear visibility into this process. From there, depending on its final disposition, the asset could be sanitised, cleaned, graded, refurbished and prepped for resale, sanitised and dismantled to recover useful components for extended use, or destroyed and recycled using material separation processes to maximise resource recovery. 

Don’t underestimate the potential value that can be recovered from equipment resale. Resale proceeds can often be substantial depending on the age and value of the equipment. An established ITAD partner that specialises in remarketing can help estimate the value of retired equipment and ensure that safe, secure processes are in place to support optimising value recovery. After wiping all data, testing and refurbishing assets, the ITAD partner sells equipment directly to consumers or through a wholesale partner network, returning some of the proceeds to the previous owner. IT asset remarketing reduces environmental impact through waste reduction and reuse and maximises ROI through value recovery.

Data centre operators can ensure that environmental best practices are followed by choosing ITAD partners certified by recognised standards such as R2 (Responsible Recycling) or e-Stewards. These certifications ensure the ITAD provider adheres to high environmental standards and data security protocols.

Secure Chain of Custody

A secure chain of custody provides documentation and accountability throughout the decommissioning process. It ensures that the location of assets is known and that equipment containing data is wiped, tracked, and accounted for throughout the process. Having a secure chain of custody provides complete visibility on assets' physical location from an initial audit through final disposition. Regular audits of the disposal process can help identify potential security gaps. Compliance with international standards, such as ISO/IEC 27001 for information security management, reinforces a commitment to best practices. A certificate of data sanitisation that verifies the data has been destroyed should not only be a requirement, but also a necessary step to ensuring compliance.

A disciplined approach to data centre decommissioning should be an ongoing process that protects against data breaches, contributes to sustainability goals and maximises the potential to recover value from equipment no longer needed. As the need for new data centres continues to grow, a best-practice approach to decommissioning is essential.

Learn more about our secure ITAD services

Learn more about our Data Centre decommissioning services

Learn more about our approach of rethinking sustainability