Many government agencies are unaware of the risks associated with improper IT asset disposition (ITAD). Equipment like laptops, hard drives, phones, and other mobile devices is a vital part of a government agency's larger information management system, containing sensitive government data and citizen PII. If you don’t track your end-user tech throughout its lifecycle and the decommissioning process, you are left exposed to costly data breaches.
To mitigate the risks, it is important to have a secure plan to dispose of your old or unused IT assets. Don’t take the risk - here are six must-dos when introducing an ITAD program for your organization.
Sure, this may seem like an obvious first step, but a recent study by Foundry showed more than 40% of organizations do not yet have a formal ITAD strategy in place. Start by establishing a policy that includes a detailed description of the IT assets you currently have and a list of the ones that need to be disposed of.
Prior to disposition, organizations should securely destroy data on IT assets, including sensitive citizen data, financial information, or intellectual property. The Foundry study also showed that 56% of organizations were disposing of assets in the trash and 79% were storing obsolete assets on-premises. The consequences of data breaches can be catastrophic, leaving you open to massive financial losses and security threats. When it comes to your data, consider the level of risk that may be present if any of it falls into the wrong hands.
You should receive a certificate of data destruction from your ITAD provider, which will be important to demonstrate compliance with data security regulations. This certificate typically includes details like the make and model of the equipment that was sanitized (a common ITAD term that refers to the complete erasure of all data from a piece of equipment), the date the data was destroyed, and the name of the company that performed the destruction.
Regular monitoring and auditing of your organization’s ITAD program is crucial. Meeting security and compliance regulations is a big challenge in ITAD but one that cannot be ignored for two important reasons. First, regulatory bodies can impose non-compliance fines and other financial penalties. And second, the consequences of poor ITAD open your organization to reputational damage in a big way – do you want to be responsible for the identity theft of a citizen?
It’s important to select an ITAD partner that is certified and compliant with industry standards such as the R2 standard for Responsible Recycling and those of the National Association for Information Destruction (NAID).
Key questions you should be asking a potential ITAD partner include:
At Iron Mountain, no data has been recovered from drives we have decommissioned. Ever. The stakes have never been higher.
Available through the cooperative contract with OMNIA Partners, Iron Mountain offers solutions for storing, protecting, and managing information and assets to public sector agencies. This competitively solicited and publicly awarded cooperative contract reduces the cost of goods and services by aggregating the collective buying power of public sector agencies and streamlines the buying process.