Businesses these days have so many IT assets that it is sometimes hard to keep track. It is however important that there is someone within your company who is ultimately responsible for this and that a strategy is in place to ensure that any assets that are disposed of are done so in line with the Data Protection Act and with UK and European regulations. Here are some guidelines to ensuring that your unwanted assets are dealt with appropriately.
What Should Be Covered In Your Disposal Strategy?
A good place to write up your disposal strategy is as an extra section in your company’s security policy. It should be a how to document which provides answer to the pertinent questions such as how will items be disposed of when they come to the end of their life? Will they be reused, recycled or destroyed? And by who? It is important that you state who is responsible for doing this and the methods and a relationship will need to exist between your company and any third party who takes on the disposal of hardware for you. Speaking to disposal professionals at places like shredall.co.uk will answer any questions about the options that are available for the disposal of such assets.
Choosing an IT Asset Disposal Company:
When speaking to any third party company who wants to be responsible for items that contain your personal data it is important that they are able to provide all of the guarantees that you need to feel confident that it will be destroyed fully and correctly. Visiting the disposal companies site and seeing their processes in motion can provide the confidence that you need. Many companies also provide certification of destruction. Ensure that any company that you contract to do this work for you meets with your satisfaction.
Monitor Your Assets:
Any company should have an ongoing inventory of all of its assets. There should be a process alongside of this to ensure that an audit trail is kept of all assets that are disposed of, how and by whom. It is worth having a regular review of the information to ensure that both you as a company and your third party provider, if you have one, are dealing with assets appropriately. Ensure that it is part of someone’s role and responsibilities to deal with this or you may find that records and processes become out of date and unmanageable very quickly.
There is an element of trust when it comes to the disposal of IT assets which contain personal data. It is important that all of the associated processes and providers are in line with each other. This will ensure that your IT assets are disposed of in the most secure and ethical manner possible.