The speed of technology continues to increase at an unprecedented rate. Product lifecycles grow shorter and the need for innovation is now a necessity. Organizations upgrading their IT equipment must also consider how to decommission their outdated equipment. Before the era of cyber theft, intellectual property rights, and data storage compliance regulations, IT departments regularly just tossed hardware into the trash bins or dumped it into the nearest landfill. Times have changed. Decommissioning IT equipment intact invites theft of your sensitive corporate data, and puts you at odds with laws that protect the rights of your customers data.
Below are a few things you should consider when planning to decommission your outdated IT equipment.
1. Execute Critical Backups of Your Data
Before you virtually or physically destroy the machine, properly back up and store your data. This assures that you don’t lose any critical or proprietary information, such as employee records or documentation needed to file the company’s taxes. A backup also serves as proof of exactly what data was on the machine that was destroyed.
2. Keep a Log for Decommissioning IT Equipment
Your IT department will need to establish a log book that centralizes the information on decommissioning IT assets. The log includes the identification of all destroyed equipment, the decommissioned date, and the process taken during the destruction. Also, create a punch list of pending tasks according to your company policy and compliance regulations. This assures the workers charged with the process don’t forget anything. Even the smallest oversight will return to become a huge burden for your organization.
3. Double Check Before Decommissioning IT Equipment
Before decommissioning, double-check the identity of the hardware. Having an IT asset management system in place streamlines this process. Make sure it is the right piece of equipment and include who the user(s) were in your log book. In addition, companies know the types of data stored on the machine from the user’s access level and job title. In summary, this is your proof later that the equipment was indeed disposed of according to company policy and the law.
4. Access Control and Network Management
Managing users and controlling their access into your network is an essential piece of your network’s security. Old user IDs left with access into your network will serve as an open gateway to hackers and other malicious cyber threats. When planning your decommissioning process, consider not just hardware but other means
5. Stay in Compliance
Many organizations must abide by a certain set of industry regulations to remain in business. Regulations such as PCI DSS, HIPPA, FERPA and FISMA require companies to accurately log every asset from purchase to disposal/destruction. In addition, The National Institute of Standards and Technology (NIST) require monitoring and quality control for data erasure and disposal of IT equipment.
In light of new malicious cyber-attacks and data theft, organizations must implement a thorough decommissioning strategy for outdated IT equipment. In addition, companies must follow proper data erasure and equipment disposal protocols to stay in compliance with industry regulations. When upgrading your IT equipment or relocating to a different building, be meticulous in logging every piece of equipment. Also, make absolutely sure any data stored on it is completely wiped clean and backed up in a secure location. Doing these simple things will save your organization and your customers a lot of headache in the future.
Share this Post