Data Sanitization 101: How to Prepare for an ITAD Initiative
One of the most important decisions you can make as you prepare to dispose of your company’s retired IT assets is what to do with the data stored on their hard drives and other storage media. If that data reaches the outside world, your company could have a costly and embarrassing remediation effort on its hands. How costly? Recent estimates reach into the millions of dollars, depending on the severity of the breach and the type of information leaked.
Here are the key data sanitization decisions you should make before recycling or remarketing your company’s retired IT equipment.
Decide whether to destroy or sanitize your drives
Physically destroying hard drives is a sure way to guarantee data security, but it also decreases the value for equipment you might be trying resell. To ensure the maximum return on your IT investment, this should not be an either/or decision. Companies that decide to physically destroy all their old hard drives are missing out on opportunities to generate more revenue through remarketing. Companies that decide to sanitize all their retired equipment—wipe the data off them while allowing them to be reused—are wasting resources in cases where the equipment can’t be resold anyway. This decision should be based on knowledge of the market and the best practices for preparing equipment for resale. A good IT asset disposition partner will be able to advise you in these areas.
Find an ITAD or data sanitization vendor
Consider having a certified vendor perform data sanitization instead of using your own team. Good IT asset disposition vendors provide data erasure services, saving your organization the cost of taking your staff away from other projects. When a vendor does data sanitization right, it can ensure that sensitive data has been removed from your IT assets according to the latest best practices and in compliance with your industry’s regulations.
Choose a vendor with NAID AAA certification for data sanitization
Many vendors say their data sanitization procedures follow the latest best practices, but with so much on the line, can you afford to take their word for it? You could gather this information for yourself—by observing your vendor’s data sanitization process, visiting its facilities, performing background checks on its employees—but that would be extremely time consuming, especially when you are choosing among multiple vendors. Save yourself the trouble and look for vendors that have received AAA certification from the National Association for Information Destruction (NAID). NAID is the industry-leading certification body in the field of data sanitization. If you use a NAID certified data sanitization vendor, you can be sure that it meets the highest standards for data security and its entire disposition process has been documented.
Consider On-site vs Off-Site Services
For many companies, allowing sensitive data to leave their facilities—even to go to the facility of a trusted ITAD partner—is out of the question. Meeting this requirement increases costs, but that may be a small price based on your company’s risk factors. That’s why some vendors offer on-site data sanitization or physical destruction services. With the use of mobile equipment, these partners can bring a trained staff to your facility and perform data destruction and sanitization to the same level as can be accomplished offsite. NAID certifies data sanitization providers for mobile as well as plant based services.
Other ITAD decisions
Choosing a secure and affordable data destruction procedure is one of the important steps in preparing for an ITAD initiative. There are several more, however, to ensure your company is getting the most out of its IT investment, ITAD costs are minimized, and disposition data is integrated into your asset management system.
Our complete guide for IT asset managers discusses these objectives and suggests strategies to achieve them. Download the guide for free by clicking on the image below.
More Tech articles from Business 2 Community: