The physical systems and digital devices at the heart of your business have an operational lifespan
However, even obsolete IT hardware can still have a value, if only for the data that it contains, so disposing of it securely and efficiently is therefore essential. That’s why businesses of all sizes need to establish a secure IT asset disposition (ITAD) programme as a failure to properly dispose of end-of-life IT equipment can have serious consequences for your data, the environment, your brand reputation and your bottom line.
So what exactly is secure ITAD? Fundamentally, it’s a safe and sustainable approach to dealing with retired IT assets that includes recycling, remarketing and compliant destruction. From a business perspective, there’s a range of issues that need to be addressed, including data security and data privacy regulations, as well as electronic waste disposal laws, such as the Waste Electrical and Electronic Equipment (WEEE) Regulations.
And how do you go about establishing a fully featured secure ITAD programme?
Setting out the basics
First, your business needs to develop a plan of action that brings together your IT, information security and office management staff, with oversight from senior executives. To be fully effective, it should establish a decommissioning strategy that covers the compliant disposal of retired hardware and the destruction of data.
Next, you need to ensure that all the data on your old hardware has been permanently eradicated and is non-recoverable. Given the importance of this step, it is likely that you’ll need assistance from a third-party disposition expert.
Third, you need to know the whereabouts of your assets throughout the disposition process. A secure chain of custody is vital to prove compliance and so, once again, it is advisable to employ the services of an outside expert – a company that offers rigorous security practices, such as asset itemisation, GPS tracking and protected transportation, all backed up with supporting documentation. Having a secure chain of custody is critical because it ensures that the IT assets are tracked during each step of the process from pick-up to final disposition.
You should also build a business case for secure ITAD based on measurable benefits. Start by gauging what it might cost your organisation if its data were compromised. The short, stark answer is “a lot of money” and your brand’s hard-won reputation. In addition, quantifiable savings can be made by upgrading IT systems, which can result in cuts to maintenance expenditure and optimised software licensing costs, as well as enhanced data protection.
And finally, publicise your achievements – make it part of your corporate responsibility message to “do well by doing good”. By working with a certified partner organisation you can be assured that your IT assets are being reused, remarketed or recycled to the highest global standards as proper disposal significantly reduces the risk of environmental damage. It makes good business sense to point this out and explicitly tie your Environmental, Social and Governance (ESG) performance in with your business imperatives.
Ironing out the problems
What at first might seem reasonably straightforward can actually get quite complicated. For example, one of our customers, Mott MacDonald, a global engineering, management and development consultancy, knew it needed help securely disposing of its end-of-life, data-bearing assets. Key drivers included minimising the risk of reputational damage from data loss and licenced software being used inappropriately, as well as the opportunity to enhance its sustainability and lower total cost of ownership through responsible IT remarketing.
By choosing a single global secure ITAD partner, the company’s IT teams don’t have to dismantle or wipe old hardware, freeing up their time for more valuable work, while employees get the latest technology, sooner. Overall, the business benefits from higher productivity, a decreased risk of data breaches, a reduced carbon footprint and sustainable practices in line with its corporate responsibility objectives. It also stands to realise up to £500,000 in annual revenue, through responsible IT remarketing, once all its sites are in the scheme.
Securing the future
Before settling on a secure ITAD programme you need to evaluate the costs of managing an IT asset disposition plan as well as the potential costs of not implementing one. There’s no ‘one size fits all’ approach as no two companies have the same business needs, although the objective remains the same: secure IT asset disposition is about saving your company money and reducing its risk of exposure.
Such an important job can’t be left to chance; always work with a trusted secure ITAD partner with a proven track record of delivering a secure, end-to-end service with quantifiable outcomes.
About the Author
Christopher Greene is Senior Director and General Manager – Secure IT Asset Disposition at Iron Mountain. Iron Mountain’s solutions portfolio includes records management, data management, document management, data centers, art storage and logistics, and secure shredding help organizations to lower storage costs, comply with regulations, recover from disaster, and better use their information.