Many government agencies are unaware of the risks associated with improper IT asset disposition (ITAD). Equipment such as laptops, hard drives, phones, and other mobile devices is a vital part of a government agency's larger information management system and contains sensitive government data and citizen PII. If you don’t track your end-user tech throughout its lifecycle and the decommissioning process, you are left exposed to costly data breaches.
To mitigate the risks, it is important to have a secure plan to dispose of your old or unused IT assets. Don’t take the risk - here are six must-dos when introducing an ITAD program for your organization.
Sure, this may seem like an obvious first step, but a recent study by Foundry showed more than 40% of organizations do not yet have a formal ITAD strategy in place. Start by establishing a policy that includes a detailed description of the IT assets you currently have and a list of the ones that need to be disposed of.
Prior to disposition, organizations should securely destroy data on IT assets, including sensitive citizen data, financial information, or intellectual property. The Foundry study also showed that 56% of organizations were disposing of assets in the trash and 79% were storing obsolete assets on-premises. The consequences of data breaches can be catastrophic, leaving you open to massive financial losses and security threats. When it comes to your data, consider the level of risk that may be present if any of it falls into the wrong hands.
According to the IBM Cost of a Data Breach Report, each public sector incident costs $2.07 million on average. Is your agency willing to blindly gamble with this level of risk?
You should receive a certificate of data destruction from your ITAD provider, which will be important to demonstrate compliance with data security regulations. This certificate typically includes details like the make and model of the equipment that was sanitized (a common ITAD term that refers to the complete erasure of all data from a piece of equipment), the date the data was destroyed, and the name of the company that performed the destruction.
Regular monitoring and auditing of your organization’s ITAD program is crucial. Meeting security and compliance regulations is a big challenge in ITAD but one that cannot be ignored for two important reasons. First, regulatory bodies can impose non-compliance fines and other financial penalties. And second, the consequences of poor ITAD open your organization to reputational damage in a big way – do you want to be responsible for the identity theft of a citizen?
It’s important to select an ITAD partner that is certified and compliant with industry standards such as the R2 standard for Responsible Recycling and the National Association for Information Destruction (NAID).
Key questions you should be asking a potential ITAD partner include:
At Iron Mountain, no data has been recovered from drives we have decommissioned. Ever. The stakes have never been higher.