The success of a lifecycle management program for your company’s IT equipment is dependent on the rigor of your end-to-end process including the selection of an asset disposition vendor. Of course, the only way you’ll truly know that you have made the wrong vendor choice is if there’s a data breach and your data, or worse yet, your customer data, ends up on the open market.
Choose the right data destruction services company that can offer a full suite of data destruction services to protect your customer data or your own data so that it doesn’t fall into the wrong hands. Use this qualifications checklist to formulate your asset disposition plan:
- Knowledge of Asset Disposition. Understanding your hardware type, quantity, location, industry regulations and internal policies governing information disposition, an experienced data destruction service should be able to guide you in determining the most appropriate and cost-effective asset disposition method including degaussing, erasure, and shredding.
- Onsite Services vs Offsite. In most cases, onsite services can lower costs while reducing the risk, liability and additional steps of storing, packing, transporting, shipping and receiving equipment that contains live data. Mobile IT labs and service personnel come straight to your door, warehouse, data center or loading dock.
- Customized Services. Can your VAR or data destruction service design a data destruction plan that meets meet your customers’ requirements, legal obligations or internal policies for disposition?
- Bonded and Trained Technicians. Be confident that the techs who are handling your equipment know what they’re doing and are carefully vetted to ensure that your data remains secure.
- NAID AAA Certification. Only NAID certification guarantees the highest level of protection of confidential customer information through rigorous education and auditing that meets the numerous laws and regulations.
- Regulatory Knowledge and Compliance. Industries that are regulated by specialized security and privacy laws, such as HIPAA compliance for medical records and Sorbanes-Oxley for financial and accounting firms, will affect life cycle management. Select a vendor familiar with regulatory compliance specific to your needs.
- Verification and Reporting. Once your asset disposition project is complete, your vendor should supply a complete report of services rendered including a Certificate of Destruction that confirms and details data removal information such as serial numbers, destruction outcome, and level of destruction.
- VAR Referral. Talk to your trusted VARs to understand what type of data destruction partnerships they work with and recommend. As the client, you can always specify the asset disposition vendor you prefer.
To summarize, consider your asset disposition vendor as an essential final step in your overall IT risk management plan. Understanding the criteria and the value of your data (and tolerance for risk) will help you select the appropriate vendor to be your partner in protecting the privacy and security of the information on your equipment as it reaches end of life, lease and value. Taking the time to ask questions and understanding the disposition process will assure you that you know exactly how your IT assets will terminate. Ask your IT equipment VAR for assistance or contact Guardian Data Destruction for additional information. We’re happy to help!