Secure IT asset disposal is vital to any organisation’s data security. Therefore, for many companies, their ITAD policy is included as a sub-section of their wider cybersecurity strategy. However, to remain compliant with all ITAD regulatory directives, your organisation’s asset disposal policy must adequately and accurately reflect the way our digitalised businesses operate in 2023.
Responsible IT asset disposal now stretches far beyond the need to protect company data. Of course, your IT asset disposal policy should demand secure data erasure, but it should also address the sustainable physical disposition of your redundant IT equipment. Should this policy now be standalone? Whether it is its own document or included within another strategy, when writing your ITAD policy, what should be included and where do you begin?
What to consider before creating an IT Asset Disposal Policy?
The creation of an ITAD policy provides the opportunity to thoroughly evaluate each stage of your end-of-life IT assets disposition. However, a stage commonly missed at the beginning is the need to take a retrospective review of your current procedures.
Inventory Management.
In the era of hybrid working practices, it’s harder than ever to maintain detailed records of exactly what you have, or crucially, where it is located. A full IT audit will ensure you start the policy process with a complete, accurate inventory. This not only categorises the device itself but also identifies whether it contains personal data; this might include Bring Your Own Devices. (BYOD). Do you need to include any other assets that aren’t already listed? Are data-rich mobile devices and smartphones tracked in the same way as a corporate laptop?
Your audit provides an opportunity to reassess how devices and tracked and monitored throughout their lifecycle. Are these assets tagged with their serial number so they can be traced throughout, all the way from procurement to disposition?
As this details the device’s age, condition, performance and current use, the inventory assessment will help to advise your decisions on whether to retain, upgrade or store business technology for future redeployment.
IT asset disposition services have evolved to offer lifecycle management services to assist busy CISOs and CIOs with inventory management, asset tracking, and data sanitisation to ensure that all assets are accounted for, secure and professionally documented.
What should be included in a sustainable ITAD Policy?
Roles & Responsibilities.
Define specific responsibilities for each stage of the process. Formally assigning these to senior roles within your organisation will ensure accountability.
Your employees will be unable to comply if they are unaware of the company policy. Those who assume responsibility should also educate the wider team regarding the importance of asset disposal, asset handling best practice and the consequences of improper disposition practices.
If you use an ITAD partner to support you with lifecycle management or sustainable data destruction services, they should be included in this section. It is important to note that any third-party provider you use will be considered to be a data processor under the . Therefore, you should look for a highly accredited, certified vendor and ensure you have a written contract.
Objectives & goals.
What are the objectives of an ITAD policy? Note the explicit goals you are aiming to achieve in detail. These will provide your key parameters when assessing progress.
Set specific targets for each broader category. Rather than simply reducing e-waste, what percentage reduction could be achieved? Will you choose more environmentally friendly ITAD services to maximise reuse? Do you plan to combine IT asset disposal with your CSR – might you donate a percentage of your redundant IT to a charity?
ITAD Regulatory Compliance.
Ensure your policy aligns with all relevant industry, data privacy, environmental and waste management regulations, such as the EU’s WEEE directive – these all carry legal and financial penalties. List all obligations that you are legally responsible for and how you will prove your compliance if needed.
How will you demonstrate the ITAD chain of custody? Which documentation will evidence your compliance with the GPDR data destruction requirements should you be audited by the Information Commissioner’s Office?
As you might expect, IT asset disposal services live and breathe ITAD compliance regulations as a core part of their service; they will ensure you are up to speed and aware of all obligations. And they are also governed by the same legal directives.
Extending lifetime value.
A sustainable ITAD policy should include your efforts to extend the lifespan of corporate assets. This demonstrates an organisation’s commitment to the circular economy, the reduction of e-waste and greenhouse gas emissions by decreasing the manufacture and transportation of new devices.
The truth is our business technology can be upgraded and remain productive for far longer than our 3- 4-year refresh cycles. Storage, RAM, screens and even mouse trackpads can be replaced if broken or more functionality is required. These can be redeployed within the business or organisations can sell redundant IT assets via trusted resale platforms, such as those operated directly by leading IT asset disposal companies.
Not only are our devices useful far longer than we might anticipate, they still hold financial value – asset recovery can provide a substantial boost to your corporate budget. With a comprehensive knowledge of the resale and remarketing sectors, your ITAD supplier can ensure you take full advantage of this residual return. Keep in mind that depreciation continues in the store cupboard, so it is a good idea to send devices for disposition as soon as possible when to recover maximum value.
Sustainable disposal methods.
Physical drive destruction is no longer needed to address data governance challenges and comply with data privacy laws. Secure data wiping services using advanced Blancco data sanitisation software provides the same level of data security as degaussing and data shredding procedures. Moreover, once complete, a full IT asset disposal accreditation certificate is produced for each individual asset.
You should state which sustainable disposal methods and techniques will be implemented for each category of device – include everything from the erasure of a single external SSD to big data ITAD and data centre decommissioning. What exact procedure will be followed for each technique? How will this safeguard the data?
Depending on your sector, other data destruction services may be required by industry-specific legislation. If this is the case, this should be added to your policy.
Recycling.
Your sustainable ITAD policy should document the process once devices inevitably reach the end of the road. Even at the end of their lifecycle, highly accredited IT disposal services ensure that all recoverable components, such as precious metals, are returned to the remanufacturing industry. Any parts that cannot be reused are sent for further processing. Doing so through the correct channels means that hazardous elements contained in our technology, do not end up in landfill, eventually leaching into our soil and water systems.
Record keeping & reporting.
Keep accurate records at each stage of the process. All equipment marked for ITAD on your IT inventory should specify exactly what form of IT asset disposition is to occur. For example, is it to be resold or recycled?
Where will devices be securely stored if awaiting disposition? Who is responsible, who will action this and when? If you outsource ITAD, will the equipment be transported to their facility in GPS-tracked security vans?
Once disposition has taken place, you should ensure these records are retained for compliance purposes.
Policy review.
Document when you will review and update your organisation’s ITAD policy to ensure it is always fit for purpose. How will you monitor progress against your goals, identify any areas for improvement or keep up-to-date with sustainable ITAD best practices?
Your policy should be reviewed annually. However, you should also reassess if new regulations are introduced, if you experience rapid business growth or digitalisation, or if you move towards new working practices, such as becoming a fully remote organisation.
A sustainable IT asset disposal policy achieves far more than ensuring your data security or that you comply with your regulatory responsibilities. It is easy to overlook the host of business benefits of an IT Asset Disposal Policy.
Maximising lifetime value and recovering residual asset value can deliver substantial cost savings. Sustainability drives today’s businesses with consumers actively seeking ethical brands. By choosing to adopt a ‘reduce, reuse, recycle’ culture and implementing sustainable data erasure best practices, you will contribute to your organisation’s ESG rating – bolstering your organisation’s reputation significantly.
By incorporating sustainability into your ITAD policy, your corporation will establish a responsible, ethical and compliant IT asset management strategy for the future.
At tier1 Group, we work closely with our clients to deliver circular, environmentally friendly ITAD solutions that help you adopt effective, sustainable IT asset disposal policies.
Our zero-landfill policy along with our industry-leading refurbishment and recycling facilities ensure that you maximise your budget through asset recovery, whilst we guarantee your legal compliance.
To find out more about our auditable secure data erasure services and 5-star resale platforms – contact our friendly teams on 0161 777 1000 (Manchester), 01621 484380 (Maldon) or visit www.tier1.com
Resources.
The Information Commissioners Office, ERI Direct, All Green Recycling, Pensar,