Reduce Security Threats during Disposal – Processes that Work and Why

By Jim Kegley

Data security, IT hardware disposal and environmental sustainability are among the most urgent topics of concern for IT decision makers. Yet, most IT capital goes toward improving internal security while off-network breaches remain a serious and often unrecognized threat.

The average lifecycle of a computer remains three years – which means safely disposing of these devices once their effective life is over is an increasing concern, especially for companies with thousands or tens of thousands of pieces of IT equipment. Retired assets being ushered out the back door are a serious liability if robust IT asset disposition (ITAD) procedures are not in place.

To make it even more challenging, the asset disposition industry is an emerging one, and a variety of techniques and processes are commonly utilized that do not offer the highest levels of protection. While many ITAD companies promise security, few actually deliver. Here are some key elements of ITAD to help you understand why some processes are better than others.

Wipe Data Onsite to Avoid Breaches

The risk of data ending up in the wrong hands is reduced when data on devices is destroyed before shipping offsite. If data remains on hard drives or other devices that are transported, you lose control of the process and risk loss or theft. The vendor should provide verification that all data has been wiped prior to shipment.

The expense of even a single data security breach is too high to risk complacency. Consider the costs of a recent data breach at BlueCross of Tennessee, where 57 hard drives were stolen while awaiting shipment to a vendor for physical destruction. Since then, BlueCross has spent $7 million in forensic costs trying to find out what was on the stolen hard drives. More than one million customers were impacted by the breach.

Electronic Tracking Systems

Tracking IT assets is not as simple as counting them before and after they are wiped and shipped. Each piece of equipment must be tracked individually, every step of the way. Preferably, a vendor should use an electronic verification system that is redundant and records the status of each unit as it moves through the ITAD process.

Upon arrival at your location, the vendor should use the electronic tracking system to perform an initial inventory check of all equipment by type, and reconcile these quantities against expected counts to ensure that all scheduled equipment is present for disposition. Utilizing an up-to-date bar code scanning solution ensures correct identification of hardware serial numbers and provides an accurate audit trail of hardware. Without an accurate record, liability for lost data cannot be prevented.

The electronic system is also useful for real-time, en-route tracking and for an audit upon arrival at the vendor’s warehouse to verify receipt from your company’s location. The use of an automatic system and rechecking inventories eliminates the potential for human error.
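The per-unit reconciliation described in this section, together with the wipe verification called for under "Wipe Data Onsite", can be sketched as follows. This is an added example, not code from the author or any vendor; the stage names, serial numbers and scan events are constructed assumptions.

```python
from collections import Counter

# Custody stages in the order the article walks through them (stage names are assumptions).
STAGES = ("onsite_inventory", "wipe_verified", "shipped", "warehouse_received")

def norm(serial):
    """Normalize a scanned serial so ' lt-1002' and 'LT-1002' match."""
    return serial.strip().upper()

def reconcile(manifest, scans):
    """manifest: {serial: equipment type} scheduled for disposition.
    scans: iterable of (serial, stage) events from the bar code scanners."""
    expected = {norm(s): kind for s, kind in manifest.items()}
    seen = {}
    for serial, stage in scans:
        if stage not in STAGES:
            raise ValueError(f"unknown stage {stage!r} for serial {serial!r}")
        seen.setdefault(norm(serial), set()).add(stage)

    def at(stage):
        return {s for s, stages in seen.items() if stage in stages}

    inventoried, shipped = at("onsite_inventory"), at("shipped")
    want = Counter(expected.values())
    got = Counter(expected[s] for s in inventoried if s in expected)
    return {
        # Quantity check by equipment type: (expected, inventoried)
        "count_gaps": {k: (want[k], got[k]) for k in want if want[k] != got[k]},
        "missing_at_pickup": sorted(set(expected) - inventoried),
        "unexpected": sorted(set(seen) - set(expected)),
        # Left the site without a recorded wipe verification
        "shipped_unwiped": sorted(shipped - at("wipe_verified")),
        "lost_in_transit": sorted(shipped - at("warehouse_received")),
    }

# Constructed sample data: LT-1003 is on the manifest but never scanned.
MANIFEST = {"LT-1001": "laptop", "LT-1002": "laptop",
            "LT-1003": "laptop", "PR-2001": "printer"}
SCANS = [
    ("LT-1001", "onsite_inventory"), ("LT-1001", "wipe_verified"),
    ("LT-1001", "shipped"), ("LT-1001", "warehouse_received"),
    ("lt-1002 ", "onsite_inventory"), ("LT-1002", "shipped"),   # no wipe record
    ("LT-1002", "warehouse_received"),
    ("PR-2001", "onsite_inventory"), ("PR-2001", "wipe_verified"),
    ("PR-2001", "shipped"),                                      # never received
    ("HD-9999", "onsite_inventory"),                             # not on manifest
]

if __name__ == "__main__":
    for finding, value in reconcile(MANIFEST, SCANS).items():
        print(f"{finding}: {value}")
```

A matching count alone would not catch LT-1002 here: it arrives at the warehouse as expected, yet no wipe verification was ever recorded for it before shipment.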

Guaranteed Prices for Retired Equipment

As IT asset managers, you can turn asset disposition into a profit center by negotiating an upfront purchase with a qualified vendor. This ensures a guaranteed price for the equipment and avoids the risks of consignment pricing models including depreciation of inventory and the many associated fees. Transfer of ownership is also a major added benefit for you and your company because it eliminates risk by reassigning it to the vendor.

Remember Overlooked Devices

While it is easy to focus on destroying data from hard drives in computers and laptops, don’t forget that copiers, smartphones, fax machines, scanners, printers and USB drives can all hold sensitive information. Physical destruction of the media is recommended for equipment that cannot be wiped, as there is otherwise no reliable method of destroying the data on it.

Recycle or Refurbish

Sustainable initiatives represent a new standard in responsible business, supported and enforced by international, federal, state and local governments. Numerous high-profile incidents in the last year have heightened the awareness of the community at large to the shortcuts many companies take in computer disposal.

Technology assets contain pounds of toxic chemicals, from lead to mercury, to harmful plastics. If IT assets are not transitioned in an environmentally responsible manner, they will very often find their way to third world countries where they are smelted in an environmentally destructive process to reclaim small amounts of precious metals.

To avoid improper breakdown of these items, your ITAD vendor should recycle retired IT assets according to EPA guidelines and adhere to a 100 percent no-landfill policy. Most vendors rely on third parties for downstream processing of equipment, adding another layer of risk to the disposition process. The best solution: to retain control and eliminate reliance on multiple vendors, look for an ITAD partner that has the infrastructure in-house to process e-waste. Schedule a facility visit with your vendor to see their process firsthand.

Not all assets that need to be relinquished are at the end of the life cycle. Many vendors will refurbish any viable equipment and donate the revived equipment to charities that provide units to people who may not have access to technology.

Using these best practices, you will be able to navigate the IT asset disposition industry and select a vendor that will safely dispose of your company’s retired IT assets, while protecting your company’s reputation and creating profit.

About the Author

Mr. Kegley is the founder and president of U.S. Micro Corporation, a major innovator and leader in ITAD and enterprise IT recycling since 1995. U.S. Micro disposes of more than a million IT assets annually, serving Fortune 500 companies that demand the highest levels of data security and environmental stewardship. To further its sustainable initiative, the company refurbishes and sells 90 percent of IT equipment; the remaining 10 percent is recycled in compliance with EPA guidelines. U.S. Micro is committed to a 100 percent no-landfill policy and was awarded G.R.A.D.E. certification (Green Recycling Asset Disposal for the Enterprise) by IDC. For more information, visit www.usmicrocorp.com.