Data breaches of any kind have huge impacts on businesses. Not only do companies open themselves up to costly lawsuits, the adverse publicity that inevitably accompanies them can also have far-reaching consequences for brand and reputation.
If you are charged with protecting your company’s assets, you’ll know these issues aren’t always caused by cyber hackers and malware. One of the largest investment banks was hit with a lawsuit after it had worked with an IT asset disposition (ITAD) vendor to dispose of equipment, only to later learn that data wasn’t fully wiped, and the equipment had subsequently gone missing.
The growing ecosystem of devices in an organization together with the rate that technology advances, means assets are replaced ever more frequently. The move to equipment being distributed more widely in employees’ homes since the COVID-19 pandemic has only added to the complexity of IT asset disposition.
The Importance of a Secure ITAD Process
To protect proprietary information, as well as customer and employee data, you need to incorporate a robust, transparent, and auditable ITAD process.
-
Track IT assets across their lifecycle from acquisition through to disposal. Knowing what is in use and where it is at all times will reduce the risk of exposing data through theft and allow you to identify assets that are nearing end-of-life more easily.
-
Communicate regularly with employees to explain their role in eliminating the risks of exposing proprietary or customer data, including their role in asset disposal. Having a clear policy will help you to familiarize them with the procedures for handling hardware disposal.
-
Implement a clear process and checklist for both internal employees and ITAD vendors.
-
Document each step as completed for audit trals, including details of employee, contractors and subcontractors involved, as well as certificates of destruction.
The Four Stages of IT Asset Disposition:
To ensure proper handling of IT assets before they enter disposal programs follow these steps:
-
Identify which assets have reached end of life and mark those for disposal.
-
Classify equipment as data-bearing or non-data bearing.
-
Before this you need to define what data-bearing means for your organization. For example, data-bearing assets could include equipment such as servers, laptops, mobile devices, video and graphic cards, removable thumb drives and more.
-
Prepare assets for disposal.
-
Keep up-to-date documentation for tracking and auditing.
Given the growing ecosystem of assets in any organization, to cut the number of processes, checklists, and tasks you are tracking, you should group assets by the disposal process you will use (e.g., shred onsite, wipe data and have vendor pick up, or vendor pick up and shred). You can also incorporate tasks associated with recycling or reusing your equipment and showing that you have disposed of it in a safe and environmentally responsible manner.
ReadyWorks has put together an ITAD Checklist for Onsite Vendor Activity that can help you with this process. Download the checklist.
While a checklist will get you some of the way, it’s vitally important to keep on top of all your checklists for every asset that you dispose of. You can do this manually, but you’ll get bogged down in spreadsheets or make errors as you strive to monitor the progress of tasks done in house or by your ITAD vendors.
To simplify this and reduce risks of data breaches, you could consider adopting a platform that offers visibility at every stage of the program and uses automation to cut the effort and time associated with ITAD.
Centralize ITAD for Full Visibility and Accountability
ReadyWorks offers you a way to centralize your ITAD processes and checklists and simplify tracking and monitoring to reduce the risk of data breaches and ensure clear accountability at every step. It does this by:
-
Giving you a real-time visibility into the status of assets during the ITAD process.
-
Allowing you to access templates based on your pre-defined processes for each asset type that automatically trigger workflows, assign tasks, and generate checklists relevant to how the assets should be handled, while allowing task owners to mark task completion in a central location to trigger any workflows that follow.
-
Allowing you to upload and associate documentation and images - for example images vendor pick-ups and destroyed devices – with specific projects and assets, for audit trails.
-
Giving you access to dashboards to view progress in real-time.
See how you can drive greater visibility and accountability into your IT asset disposal program to protect proprietary data and brand reputation and minimize security risks. Schedule a Demo with ReadyWorks.