ITAD: 4 Strategies for Managing Risk and Data Security

Posted by on May 2, 2019

The most recent 2018 Ponemon Report states that the global average cost of a data breach is $3.86 million. The same report discloses the average global possibility of a breach in the next 24 months is 27.9 percent.

Over the past few years we have seen a 75 percent increase in data breaches, which has motivated organizations to focus more on their corporate risk management and data security policies. When it comes to IT asset disposition (ITAD) and e-Recycling programs, the focus on security is being taken more seriously to comply.

Especially for global companies, an IT asset disposition program needs to consider corporate risk management, business continuity and data security policies. These can all impact a global ITAD program.

Here are four strategies many companies consider during ITAD when managing risk and data security.

1. Data Security: Maintain a Strong Data Destruction Plan

Many data destruction plans for retired IT and data center equipment, will be similar to the risk protection portion of a corporate data security policy. Corporate data security policies usually will include criteria for managing data usage, access and privacy. Processes for highlighting vulnerabilities and ensuring protection from data threats are always included in these security policies.

But what happens when significant upgrades are made to a company’s IT infrastructure? Does the corporate data security policy include specifications for managing replaced IT equipment? This is where policies could lack, and for global companies in particular, where challenges exist.      

2. Global:Understand and Address Global Challenges

Global companies often face the challenge of consistently managing data destruction processes from country to country at smaller offices with remote employees. Managing inventory alone can be difficult, let alone considering changes to data bearing devices over time.

3. Tracking and Reporting: Manage a Strong Asset Inventory List

There are more devices today storing larger amounts of data. Keeping a strong IT asset inventory list will help manage what employees are provided which asset. However, keeping that list up to date and managing data destruction for every data storage device is where daily management can become a challenge.

Strong IT asset inventory lists can be the backbone of an IT asset disposal program. This ensures all items are accounted for and can later be used for tracking disposition of items, which is usually maintained using ITAD vendor portals. Certificates can usually be viewed on these systems and linked back to asset tags and serial numbers, making audits and compliance much easier to manage.

4. Compliance: Recognize Applicable Regulatory and Corporate Requirements

When operating globally, regulations vary by region/country. For global IT asset disposition, there are several considerations including,

  • Regulations to consider in each country,
  • Legislation regarding e-waste disposal,
  • Changes on the horizon that may affect e-waste disposal processes,
  • Regulations that may affect ITAD programs, such as the General Data Protection Regulation (GDPR).

Staying informed of these requirements is important, which is why IT asset disposition vendors usually provide support and guidance on maintaining compliance.

ITAD Risk Management Strategies

There are many ways to ensure data security of replaced and disposed IT equipment. On-site data destruction services have become a popular and useful service for providing that extra sense of security in the data destruction process. Clients can usually witness the physical destruction of these devices when this takes place, and before equipment is transported away for recycling, providing visual proof of data security.

If equipment is being reused, data wiping should be performed by a professional certified data destruction vendor who can wipe according to industry guidelines for media sanitization. Two wiping standards often used in the industry include, NIST SP 800-88 r1 in the United States, and HMG IA Infosec No5 globally. Wiping is 99.999 percent effective, only if done correctly. So it is best to make sure it is, in fact, performed correctly.

Additional strategies tend to be unique to each organization and their needs. Working with a qualified, and certified, IT asset disposition company is how most companies get the expertise and guidance needed to manage these programs securely and effectively.

For more information on how to build a successful global IT asset disposition program, view this white paper.