Elevate the power of your work
Get a FREE consultation today!
Many small to midsize companies are unaware of the risks associated with improper IT asset disposition (ITAD).
Many small to midsize companies are unaware of the risks associated with improper IT asset disposition (ITAD). Equipment like laptops, hard drives, phones, and other mobile devices are a vital part of a company's larger information management system. If you don’t track your office tech throughout its lifecycle and the decommissioning process, you can be susceptible to data breaches, inconsistent asset management, and increased costs.
To mitigate these risks, it’s important to have a secure plan to dispose of your old or unused IT assets. Here are seven must-dos when introducing ITAD for your small business.
Sure, this may seem like an obvious first step, but a recent study by Foundry showed more than 40% of companies do not yet have a formal ITAD strategy in place. Start by establishing a policy that includes a detailed description of the IT assets you currently have and a list of the ones that will be disposed.
Prior to disposition, companies should securely destroy data on IT assets, including sensitive customer or employee data, financial information, or intellectual property. The Foundry study also showed that 56% of companies were disposing of assets in the trash and 79% storing obsolete assets on-premises. When it comes to your data, consider the level of risk that may be present by leaving this information for someone to find.
56% of companies are disposing of their IT assets in the trash, creating enormous risk for data breaches and regulatory fines.
Chain of custody refers to tracking IT devices with an auditable paper trail from pickup through final disposition. A secure chain of custody helps maintain data security and ensures your equipment is properly recycled and disposed of in an environmentally friendly manner. Without a reliable chain of custody, it’s difficult to track the movement of IT assets and guarantee they’re securely stored and disposed.
You should receive a certificate of data destruction from your ITAD provider, which will be important to demonstrate compliance with your industry’s data security regulations. This certificate typically includes details like the make and model of the equipment that was sanitized (a common ITAD term that refers to the complete wiping of all data from a piece of equipment), the date the data was destroyed, and the name of the company that performed the destruction.
Regular monitoring and auditing of your company’s ITAD program is crucial. Meeting security and compliance requirements is a big challenge in ITAD but one that can’t be ignored for two important reasons. First, non-compliance fines and other financial penalties can be imposed by your industry’s regulatory bodies. And second, the consequences of poor ITAD open your business to reputational damage in a big way.
Companies that employ ITAD need to stay updated on regulations by remaining active within appropriate trade organizations, attending conferences, and following industry news. Leaders should also research local and federal requirements and actively stay informed of new or changing regulations.
It’s important to select an ITAD provider that is certified and compliant with industry standards such as the R2 standard for Responsible Recycling and the National Association for Information Destruction (NAID).
Key questions you should be asking a potential ITAD provider include:
Taking even small steps to implement an ITAD strategy will positively impact your company’s bottom line and serve your business for years to come.
Finding a trusted partner on your journey can help you make the right decisions for your small business. Visit Iron Mountain’s Small Business Basecamp as your starting point for secure ITAD support.