Businesses are familiar with the importance of protecting IT equipment, and any data on devices, when they are in good working order, but there is less general awareness when it comes to the security of end of life IT assets. Whether you intend to resell, recycle or dispose of redundant IT equipment, IT asset disposal is an inevitable stage of an asset’s lifecycle. However, while secure data erasure is essential for the prevention of data breaches, it is not the only factor that should be considered at the end of an asset’s life cycle. But how far is far enough to protect your end of life IT assets, and which steps should you be taking to ensure data security? We take a look at the necessary steps to protect end of life IT assets.
The importance of an ITAD policy
Arguably the most important aspect of protecting end of life IT assets is a clear and effective ITAD policy. This policy should detail who is responsible for which IT assets and the data therein at all stages of the asset lifecycle. It should specify the necessary steps when an asset has reached its end of life (EOL), such as the cancellation of associated software licences. This ITAD policy should also outline how long redundant equipment can remain in storage before it is dealt with appropriately. While it’s easy to forget about old assets once you are using the new products, leaving old equipment in storage puts your information security at risk and could lower the potential resale value of the equipment.
End of life does not mean end of responsibility
Just because you no longer use a device is not to say that you aren’t responsible for it. Your business is accountable for every IT asset at all stages of its life cycle, from the moment it enters your network to the moment it reaches its end of life. This means it’s important that every member of staff is aware of, and understands their role, in the IT asset management system. This company-wide understanding will help to ensure compliance with regulations such as the GDPR and minimise the potential environmental impacts, as they understand EOL best practices.
Invest in the help of EOL specialists
While in-house ITAD might seem like the safest and most cost-effective option, it’s often best to use an expert ITAD service supplier. Your in-house IT department may possess the knowledge and skills to perform all required steps of your IT asset management plan, it’s unlikely that you’ll have the resource available to dedicate all of their attention to end of life assets.
Of course, you’ll want to choose an ITAD supplier that you can trust to take complete care of your end of life assets, as well as complying with your company policies and general regulations. This means asking the right questions and ensuring that the provider possesses all the relevant ITAD certifications and accreditations, covering all aspects of ITAD from data erasure to the responsible disposal of e-waste.
Secure data erasure
Different pieces of IT equipment will require different approaches to data destruction, and any prospective ITAD supplier should be able to both identify and execute the best data destruction method for your end of life assets. Whether you require data degaussing or physical destruction, such as shredding, the best ITAD suppliers will be able to perform any of these methods to the highest of standards. However, it’s worth asking which of these methods can take place on-site and which, if any, will take place off-site.
Certificates and paper trails
Just as it’s important to document the location and status of your IT equipment while it’s in use, it’s also important that your ITAD service provider can provide a certificate of destruction to confirm the secure and complete destruction of data on your device. This certificate of destruction acts as the final link in the chain of custody, demonstrating where responsibility lies at all times. Some of the best ITAD providers will also provide certificates to confirm that a specific asset has been recycled or disposed of responsibly.
You should ask about the legality of these certificates as, in some cases, they can be used to your defence in court if you were to fall victim to a data breach further down the line.
It’s possible that an ITAD service provider will also use third-party suppliers at some stages of the process. Whether these third-parties assist in the transportation of IT equipment, or in the remarketing of any assets to be resold, they will have access to your assets at some point. It’s important that you’re aware of who it is handling your end of life assets, and at which point in the process they become involved. You should consider how your ITAD supplier ensures a secure chain of custody when using third-parties, and ask for information on how they vet them to ensure they act responsibly.
With over 23 years industry experience, EOL IT Services are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibly and legally.