How to Build a Compliant IT Asset Disposal Plan

Posted on January 8, 2019

Have you ever had your personal data compromised? A recent study found that 26 percent of consumers reported having personally identifiable information (PII) compromised just within the last month, and 34 percent within the last year. It comes as no surprise we are seeing more legislation requiring companies to ensure PII and other confidential data is adequately protected.

When a device is upgraded or replaced, IT managers play a critical role in ensuring data destruction for consumers and legislative compliance for their company. Security gaps can be introduced, especially as IT assets are moved, packaged or transported. This multi-step chain of custody presents risks and vulnerabilities that need to be effectively managed. As an IT executive, you must ensure your chain of custody is clearly defined, documented, secure and as streamlined as possible.

If one stray hard drive turns up during an audit or shows up years later in an unexpected place, your company’s ability to demonstrate consistent processes and attention to detail will be jeopardized. This might also greatly affect liability assessments.

Here are three main areas to focus on to maintain audit-ready reports and legislative compliance for your company.

Demonstrability: Document your processes

For audit purposes, it is critical to have defined processes to demonstrate discipline, due diligence and best practices in how IT assets are handled and data is destroyed. Documentation (e.g. an inventory report or certificate of data destruction) provides proof that processes were followed and data was responsibly destroyed.

Statement of Work: Define how equipment is processed

When onboarding a new vendor, a written statement of work (SOW) often details how equipment is processed. This can be an important part of any corporate audit, as it demonstrates the use of a vendor who operates in a systematic and repeatable manner.

A vendor should be committed to ensuring a seamless service transition by making your onboarding experience a positive one. Particularly when managing multiple entities across the globe, vendors should be able to demonstrate their tried and tested onboarding process, which might include an understanding of:

  • Tax and financial considerations,
  • Transboundary movements of equipment,
  • Varying environmental, data security and privacy legislation, and
  • Other international variations.

Transparency: Ensure accountability of the process

Once your processes are defined and documented, ensure accountability of the process and have an understanding of how you will manage it. Find a vendor who offers full transparency.

A web portal option can be used to search for any IT asset at any time and view an item’s status. If assets have been processed, a quick search using an identification number (e.g. serial number or asset tag) should provide details on the service, location and certificates if needed.

Incorporating these three areas into your IT asset disposal plan should strengthen your compliance efforts and organize your IT processes and procedures, resulting in an efficient and compliant IT asset disposition program.
