By Kevin Akaloo, national head of sales, Iron Mountain South Africa
The physical systems and digital devices at the heart of businesses have an operational lifespan. However, even obsolete IT hardware can still have a value, if only for the data that it contains, so disposing of it securely and efficiently is therefore essential. That’s why businesses of all sizes need to establish a secure IT asset disposition (ITAD) programme, as failure to properly dispose of end-of-life IT equipment can have serious consequences for organisations’ data, brand reputation, bottom line and the environment.
So, what exactly is secure ITAD? Fundamentally it’s a safe and sustainable approach to dealing with retired IT assets that includes recycling, remarketing and compliant destruction. From a business perspective, there’s a range of issues that need to be addressed, including data security and data privacy regulations, as well as electronic waste disposal laws, such as the National Environmental Management Waste Amendment Act.
And how do businesses go about establishing a fully featured secure ITAD programme?
Setting out the basics
First, organisations need to develop a plan of action that brings together IT, information security and office management staff, with oversight from senior executives. To be fully effective, it should establish a decommissioning strategy that covers the compliant disposal of retired hardware and the destruction of data.
Next, organisations need to ensure that all the data stored on old hardware has been permanently eradicated and is non-recoverable. Given the importance of this step, it is likely that they’ll need assistance from a third-party disposition expert.
Third, they need to know the whereabouts of their assets throughout the disposition process. A secure chain of custody is vital to prove compliance and so, once again, it is advisable to employ the services of an outside expert – a company that offers rigorous security practices such as asset itemisation, GPS tracking and protected transportation, all backed up with supporting documentation. Having a secure chain of custody is critical because it ensures that the IT assets are tracked during each step of the process, from pick-up to final disposition.
Organisations should also build a business case for secure ITAD based on measurable benefits. Start by gauging what it might cost the organisation if its data were compromised. The short, stark answer is “a lot of money” and the brand’s hard-won reputation. In addition, quantifiable savings can be made by upgrading IT systems, which can result in cuts to maintenance expenditure and optimised software licensing costs, as well as enhanced data protection.
And finally, publicise the organisation’s achievements – make it part of the corporate responsibility message to “do well by doing good”. By working with a certified partner, organisations can be assured that their IT assets are being reused, remarketed or recycled to the highest global standards as proper disposal significantly reduces the risk of environmental damage. It makes good business sense to point this out and explicitly tie the organisation’s environmental, social and governance (ESG) performance in with its business imperatives.
Securing the future
Before settling on a secure ITAD programme, organisations need to evaluate the costs of managing an IT asset disposition plan as well as the potential costs of not implementing one. There’s no ‘one size fits all’ approach as no two companies have the same business needs, although the objective remains the same: secure IT asset disposition is about saving companies money and reducing their risk of exposure.
Such an important job can’t be left to chance; always work with a trusted secure ITAD partner with a proven track record of delivering a secure, end-to-end service with quantifiable outcomes.