Achieve data security compliance during data center decommissioning

Blogs and Articles

When it comes to managing sensitive data bearing assets, complete traceability and adherence to compliance regulations are of utmost importance.

Clint Lange
Director of Process Engineering, Asset Lifecycle Management, Iron Mountain
October 12, 20237  mins
Data security

You need a comprehensive strategy that provides you with peace of mind while managing your data center assets effectively.

  1. Asset Discovery The journey to a robust audit trail begins with asset discovery. By comparing your asset list with automated discovery results, you establish a detailed blueprint of serialized assets, maintaining parent-child data relationships crucial for accurate tracking and auditing – a cornerstone of effective asset management.
  2. Variance Analysis After asset discovery, generate a reconciliation report that identifies variances between discovered assets and your inventory. Addressing these discrepancies ensures transparency and compliance throughout the lifecycle of your assets.
  3. Data Sanitization With the initial reconciliation complete, it’s time to securely erase data from functional data storage devices. A percentage of drives may fail to fully erase. In such cases, follow NIST and NAID guidelines for secure physical destruction.
  4. Certification Post-erasure, obtain Certificates of Sanitization for successfully sanitized drives and Certificates of Destruction for drives requiring physical destruction. These certificates are crucial evidence of data elimination, reinforcing compliance and security throughout asset management.
  5. Departure Report A departure report is generated to account for all processed assets and their destinations. This report reinforces security and ensures accurate asset tracking.
  6. Secure Transportation Ensure secure transportation of decommissioned assets to disposition facilities. Best practices include sealed loads, and purpose built vehicles with alarms, including GPS tracking. This provides transparency and accountability during transportation.
  7. Final Reconciliation At the disposition facility, perform a final reconciliation by cross-checking assets against the baseline report and reconciling each serialized asset independently. Immediately address any discrepancies to ensure accuracy.
  8. Value Recovery Through Circular Economy Maximize value recovery for resalable whole assets or individual components while ensuring security. The resale preparation process for whole assets includes removing asset tags, reconditioning assets, and securely packaging them. Firmware is reset to factory settings. For component extraction, items such as memory and CPUs are carefully removed, inventoried, tested and packaged carefully for resale.
  9. Asset Destruction and Recycling Securely destroy data and recycle assets not designated for resale following environmentally responsible practices. Remove asset tags and shred drives if necessary, with Certificates of Destruction issued as documentation.

This comprehensive approach ensures that the data on your assets are managed with the utmost care, maintaining compliance and providing peace of mind throughout the entire IT asset lifecycle.