7 must dos for secure ITAD

Blogs and Articles

Many companies are unaware of the risks associated with improper IT asset disposition (ITAD). Not tracking IT assets throughout their lifecycle or disposition process can leave organizations vulnerable to data breaches, as well as create inefficiencies in terms of cost savings and consistency across the enterprise. To mitigate these risks, it's important to have a proper ITAD strategy in place.

9 March 20237 mins
7 Must Dos for Secure ITAD

Many companies are unaware of the risks associated with improper IT asset disposition (ITAD). Not tracking IT assets throughout their lifecycle or disposition process can leave organizations vulnerable to data breaches, as well as create inefficiencies in terms of cost savings and consistency across the enterprise. To mitigate these risks, it’s important to have a proper ITAD strategy in place.

So let’s get into it…

1. Establish a policy

Sure, this may seem like an obvious first step, but a recent study by Foundry showed more than 40% of enterprise companies do not yet have a formal ITAD strategy in place. So start by establishing a policy that includes a detailed description of the IT assets that will be dispositioned.

2. Understand that the data security risk is real

All organizations must securely destroy data on IT assets, including sensitive information such as customer data, financial information, or intellectual property, prior to disposition. Many organizations are currently not practicing secure disposition best practices according to a Foundry research study (e.g. 56% disposing of assets in the trash and 79% storing obsolete assets on-premises). When it comes to your data, consider the level of risk that may be present.

3. Establish secure chain of custody

To maintain data security, establish a secure chain of custody to ensure all IT assets are reliably tracked throughout the entire disposition process; this allows your organization to track IT devices from pickup through final disposition with an auditable paper trail, while also ensuring all IT assets are properly recycled and disposed of in an environmentally friendly manner. Without a secure chain of custody, it’s difficult to track the movement of IT assets and ensure they’re securely stored and disposed of.

4. Require certificates of data destruction

You should receive a certificate of data destruction from your ITAD provider as auditable evidence that all data has been securely destroyed prior to disposal, typically including information about the data destruction process, such as the make and model of the equipment that was sanitized, the date the data was destroyed, and the name of the company that performed the destruction. This certificate is important to demonstrate compliance with data security regulations.

5. Monitor and audit your ITAD program

Regular monitoring and auditing of your ITAD program is crucial for ensuring all assets are securely disposed of and all security measures are being followed. Foundry cites that 39% of enterprise companies say meeting security and compliance requirements is their biggest ITAD challenge, and these are pressing concerns for two reasons: potential fines and other financial penalties imposed by regulatory bodies for non-compliance, and damage to an organization’s reputation. For example, a global bank was recently cited for not being able to account for all of its end-of-life IT devices

6. Stay up to date on data privacy regulations

Organizations dealing with IT asset disposition need to stay up to date on all regulations by remaining active within appropriate trade organizations, attending conferences, and following industry news, as well as researching all local and federal requirements and actively staying informed of new or changing regulations.

7. Choose a trusted ITAD provider

It’s important to select an ITAD provider that is certified and compliant with industry standards such as the R2 standard for Responsible Recycling and the National Association for Information Destruction (NAID).

Key questions to ask an ITAD provider include:

  • Does the provider have a strong reputation with many years of experience?
  • Does the provider own their own fleet of trucks and processing facilities?
  • Can the provider generate the highest level of cost savings through remarketing?
  • Can the provider scale with your program locally, nationally, and globally?

Iron Mountain Asset Lifecycle Management provides world-class logistics with a secure data sanitization platform and an auditable chain of custody for each serialized IT asset. Our fleet of 3,500 purpose-built trucks and processing facilities located around the world offer peace of mind and support corporate sustainability goals, while also helping to lower your organization’s total cost of ownership (TCO) through remarketing.

Is your organization looking for a trusted ITAD provider? Learn more at the link below.

Elevate the power of your work

Get a FREE consultation today!


Get Started