In the data destruction business, there are industry acronyms that we assume everyone understands: “ITAD”, Information Technology Asset Disposition, is one of the most common. What ITAD really means is the destruction and disposal of unneeded or retired IT equipment in a way that protects privacy, ensures security, and is environmentally responsible. For many businesses, ITAD also means trying to maximize any remaining value.
The range of business equipment included in ITAD programs is ever-expanding and encompasses leased, damaged and purchased technology. Desktop computers, laptops, Chrome books, servers, printers, desktops, network hardware, tablets, smart phones, media tapes, thumb drives, BYODs (Bring Your Own Device), even the smart computer centers in vehicles that use Bluetooth calling, text and email voice apps, maps, and contact lists are all subject to a measure of secure erasure or complete destruction before disposal or reuse.
If you’re developing an ITAD program as part of your lifecycle management program, six essential factors in developing policies and selecting vendors should include:
- Security – How can you ensure that confidential information has been thoroughly removed before turning over equipment for repurposing, recycling or destruction? What are the auditing, certification and chain of custody processes that your vendor can provide to ensure 100% accountability and peace of mind?
- Environmental Stewardship and Compliance – Do your vendors have a clean record of recycling and lawful compliance? Are they aware of your local and regional policies as well as your industry best practices?
- Accreditation – Vendors with NAID (National Association of Information Destruction) AAA certification, NIST (National Institute of Standards and Technology) Certified DoD processes, International Association of Information Technology Asset Managers (IAITAM) Membership, and National Security Agency (NSA) Certified Equipment, and third party forensic audits ensure the highest level of asset disposition processes and security.
- Value Recovery – Can you retain any value of leased or owned equipment through repair, refurbishment, remarketing or recycling? How can your vendors help you maximize any aftermarket usefulness that remains? If you can’t resell it, how can you get credit or donate to reap community and PR benefits? Understand your asset recovery options.
- Process Accountability – Your IT staff works hard to protect sensitive information while in possession, but what happens when those assets leave the premises? Minimize opportunities for risk with an ITAD policy that focuses on developed processes including industry compliance standards, legal requirements, onsite disposition, full video recording, serial # scanning, bonded technicians, and a certificate of destruction with serial numbers, erasure outcome, and level of erasure to ensure that the job is done correctly.
- National (and International) Footprint – If your company has multiple locations, consider a vendor that presence or availability at all your locations. ITAD providers who partner with a national, qualified data destruction service provider benefit from a standardized process for electronic data destruction no matter where the asset disposition process takes pace.
The slightest data breach is a risk no company can afford. Understanding where your data is stored is the first step in creating a ITAD policy. Outlining a comprehensive data disposition process that includes vendor criteria for the safe and thorough cleansing of hard drives (and all data storage devices) when assets reach end-of-life or end-of-lease is the best protection against the fines, embarrassment and large recovery costs that data breaches can trigger.