Stay Tech Compliant: 7 Ways to Properly Dispose or Decommission Old Technology
Whether you are moving to the cloud, refreshing equipment, moving offices and/or datacenters, or simply cleaning house, properly disposing of old machines can be a tough task. Decommissioning IT assets becomes even more of a burden when you’re working in a highly regulated industry sector.
HIPAA & PCI Compliance are the most common regulations that require documentation of decommissioned assets to ensure confidentiality of patient records and consumer information. Our friends at XTechnology Global have compiled 7 helpful tips for retiring hardware legally and safely for all involved:
1. Create a Log or Checklist to Document the Entire Decommissioning Process
Your IT service desk should establish a logbook that centralizes all information on decommissioned IT assets. The log should include the identification of all destroyed equipment, the date it was decommissioned, as well as meticulous detail on the steps taken during the process. Also, provide a checklist of what needs to be done according to company policy and compliance regulations. These steps will ensure that the workers responsible don’t overlook crucial components of the process. Even a simple oversight can come back to haunt you in the form of costly fines. If you have opted to work with a 3rd party, ensure they have experience in documentation and asset audit logs, including machine serial numbers, makes & models, and asset tags.
2. Confirm the Identity of the Asset
Before taking any action, you should confirm the identity of the hardware to be destroyed. If you have an IT asset management system in place, this should be easy. Make sure it is the right piece of equipment and include who the user(s) were in your logbook. This ensures you know exactly what types of data were stored on the machine, since you know the user’s access level and job title. This documentation will later serve as your proof that the equipment was indeed disposed of according to company policy and compliance.
3. Make Sure Critical Backups are Done
Before virtually or physically destroying a machine, make sure the data is backed up and stored securely. This ensures you don’t lose any critical or proprietary information, such as employee records or documentation needed to file the company’s taxes. A backup will also serve as proof of exactly what data on the machine was destroyed.
4. Disable Network & User Access
Old user IDs are a threat to any organization. It is crucial to disable user access and remove decommissioned IT assets from the internal network in order to prevent unauthorized access by former employees or a malicious party.
5. Wipe Sensitive Data Off the Hard Drives
The erasure process should be done by an expert who understands the complexities involved in the process, including multiple scrubbings. It is also important to audit the equipment between scrubbings to ensure all data is completely wiped before recycling.
6. Consider Physical Destruction of the Asset
The best course of action for ensuring no one can gain unauthorized access to the data again is to demolish the hardware itself. Some organizations specialize in this and operate facilities equipped with utilitarian machinery that can destroy the equipment. The advantage of using such a service is that these professionals usually document the process, which aids the decommissioning process.
7. Is There Value?
As with any asset, there could be some potential value left in it. A true ITAD (IT Asset Disposition) company such as XTechnology Global can evaluate these assets to provide savings on this soon-to-be-decommissioned equipment.