5 Tips for Computer Disposal and Data Destruction

Posted by Frank Milia

Aug 17, 2015 10:42:00 AM

At ITAMG we have been advising our clients on the big picture best practices for IT asset management, computer recycling, and secure data erasure. The following are five specific tips to help you make the most of your IT asset disposal program.

Recycle_Logo_Finish

1)     Communicate your needs.  We can help with refresh strategy, relocations, and more. As an IT asset management and disposal vendor we bring a unique perspective and skill set to advising on refresh projects, office and data center moves, and general procurement strategies.

 

Do:

Keep your asset disposal vendor in the loop on any major projects that effect your business operations and IT planning. We are familiar with a wide array of challenges that large organizations face during various projects and are happy to help your firm conquer them all.

Don’t:

Don’t wait to the final hour of a large project to enlist the help of your disposal vendor. The more lead time given to prepare statements of work, an action plan, quote costs and returns, and plan logistics the more likely a project will conclude successfully and within budget.

 

2)     Reset or clear any BIOS and Admin Passwords from laptops in order to assist with data erasure and re-imaging of machines for refurbishment and sale.

 

Do:

Create a depository of admin passwords by model or other machine attributes to share with your computer recycling vendor. At minimum keep a master list of all Admin Passwords. If your firm can’t share Admin Passwords make sure to set to a default password before disposing of the machine.

Don’t:

Do not allow IT or other employees to create and use admin passwords that are not standardized or otherwise recorded for future reference. Don't expect full value for Apple equipment, laptops, or similar devices if admin passwords are not available or can not be reset prior to disposal. 

 

3)     Instruct users to remove returned Apple devices from their iCloud accounts. iCloud is used to track lost or stolen assets and unless a device is removed from a registered account your company or disposal vendor may not be able to legally reuse valuable and desirable assets.

 

Do:

Notify users across your organization that are using personal iCloud accounts on company assets to remove his or her device from the account when turning the asset back in. Create a depository for tracking iCloud user names and passwords for company generated iCloud accounts so devices can be removed from users profiles and sold or otherwise reused.

Don’t:

Don’t allow users to use personal iCloud accounts on company owned assets. Put a policy and process in place for users to use company provided iCloud profiles for company owned Apple devices. Managing the devices this way will allow your firm to control the devices on the user’s account and ensure the assets are reusable or eligible for liquidation returns at retirement.

 

4)     Manage end of life data security appropriately.  Lock up unencrypted media that are threats of exposure until data destruction is performed.

 

Do:

When pulling machines out of the working environment make sure all data containing devices or locked in rooms, cages, or containers that can only be accessible by employees with appropriate security clearance. Label and utilize locked containers to store any loose end of life media.

Don’t:

Don’t store assets or media in conference rooms, hallways, or open office spaces where the general public, building employees, or any other employees or visitors may be able to access them. Do not leave loose media or hard drives sitting in data centers, storage closets, or any other office space.

 

5)     Handle equipment with care during physical consolidation and internal relocation. Liquidation returns on equipment are contingent on the working and cosmetic conditions of surplus computer equipment.

 

Do:

Ask us about the safest way to move all different types of equipment. Moving equipment throughout an office using carts or commercial moving bins is probably your best option. Treat the equipment with the same level of care used during implementation when removing the equipment from the environment.  We are happy to provide tips on how to pack and move equipment efficiently and safely.  

Don’t:

Don’t grab or apply pressure to LCD screens, scratch screens by letting equipment rub together, excessively stack laptops, damage rail kits or face plates on servers, or cut power cords from UPS, power, or any other equipment.   Avoid packaging or dismantling equipment without clear direction from an ITAMG professional. Do not allow a commercial moving vendor to abuse retired equipment simply because it is categorized as excess, waste, retired, salvage or other.

 

Looking for more tips on getting the best value back on your company's responsible computer disposal practices?

Download the ITAMG Inventory Template Today:

Tips & Inventory Template

 

more

Topics: IT Asset Disposal, Computer Liquidation, IT Management, Electronic Waste Management

5 Attributes of a Successful IT Asset Disposition Program

Posted by Frank Milia

Aug 25, 2014 2:29:00 PM


Government agencies, corporations, and various institutions are taking measures to improve IT asset management and disposition practices in order to mitigate risk of a data breach, achieve environmental initiatives, and ensure optimal financial performance. The following are some key pieces to building a secure and efficient IT disposal program.  

Apple_Equipment_Liquidation


 

1. Implement and utilize an asset management and inventory system

An asset management program’s success will be driven by the inventory tools and processes in place to track assets from cradle to grave, or in other words from the time of an asset’s implementation until the asset is recycled or liquidated. The inventory management system should be utilized to document when an asset is disposed of, its final destination (vendor and asset status), and what administrator or manager signed off on the disposition.

Having robust asset management data that includes model numbers, serial numbers, and other attributes and specifications of equipment also allows an organization to bid out an asset disposal contract more effectively and for more competitive returns.    

2.Track and maintain documentation of disposition and data destruction of assets

Asset management disposition data should be reconciled with the data provided by a firm’s disposal vendor. These inventory reports, settlements, and certifications of destruction and proper handling should be maintained in accessible formats.

The most sophisticated asset disposal programs utilize integration with a disposal vendor’s asset management software in order to confirm and document the disposition of an asset.  In the case of a full integration an asset management team can mark an item as shipped or disposed of and track the receiving, processing, sale, or recycling of the asset.

3. Sign a formal agreement with an IT asset disposition vendor or managed service provider

Take the steps to put an agreement in place with an IT asset disposal provider that documents your firm’s due diligence, understanding, and expectations of the vendor and performance milestones of the disposition program.

A standard Master Service Agreement (MSA) should include the following:

  • Data security and privacy policies (including process for disclosure of potential exposures)
  • Commitment to environmental recycling controls and compliant waste management

  • Insurance coverage

  • Overview of service levels, process, financial obligations, reporting and billing standards

4. Develop a data destruction process driven by NIST 800-88 Guidelines for Media Sanitization

If you’re unfamiliar with NIST 800-88 you can learn more from this introduction blog entry.

Developing a data destruction program to the best practices outlined by NIST 800-88 will ensure end of life data security as well as develop a process to maintain audit ready documents that are necessary to validate a firm’s data privacy compliance.

A program following the NIST 800-88 method will identify risk, categorize media, select effective eradication methods, set quality assurances, record and certify destruction of assets, and place responsibility of the program’s success on senior managers.    

Every organization should be considering the risk of a data breach caused by improper data sanitization and set eradication methods and disposal processes according to data privacy laws and industry specific regulations (e.g. HIPAA for health and human services).

5. Create an accounting mechanism to keep liquidation returns in the IT budget

IT asset managers and acting directors are tasked to quantify value to executive management and IT operations. Efficient liquidation of assets can yield significant returns, and these financial recoveries should not go unnoticed.

IT asset managers should develop accounting mechanisms to track returns from the disposal program as well as to keep the funds in the IT budget. This can be achieved by using a credit system for future product purchases or services instead of receiving direct payments from a disposal vendor. The disposal provider can provide goods and services directly or partner with an OEM or VAR to do so.  



Learn More About IT Asset Disposal Best Practices:

5 Data Destruction Tips



 

more

Topics: IT Asset Disposal, IT Management, data sanitization, NIST 800-88

5 Lessons CIOs Can Learn from Star Trek: The Next Generation

Posted by Frank Milia

May 12, 2014 10:22:00 PM

Avid Star Trek fans and casual viewers alike probably agree that the show’s success is thanks to the moral and philosophical narratives that overshadow the fun science fiction, campy action, and special effects of the series.

IT Asset DispositionThe above image is from NASA.GOV. ITAMG is not affiliated with NASA and our use of this image does not imply NASA approves of this content or in any way endorses or utilizes our IT asset disposal services.  

Recently I began to notice there were many managerial lessons to take away from the crew of the Starship Enterprise. In tough leadership dilemmas I even find myself asking the question- what would Captain Picard do? That is other than ordering up a tea, Earl Grey, hot. I’m more of a coffee drinker.

The following are 5 Tips from the TNG leadership that could improve any CIO or executive management team.  

1. Hire a “Chief of Security”, like Worf, and prioritize the security of your network, data, and fixed assets from attack by insiders, competitors, and criminals. In a recent PwC study “The Global State of Information Security Survey 2014” 18% of the companies surveyed felt their greatest obstacle to improving information security was due to a lack of experience and leadership from a CISO / CSO. Take a lesson from Picard and put an experienced security professional in charge of developing and implementing your security strategies. Worf always put security measures ahead of any other goal and you need a dedicated resource to do the same for your firm.

2. He may not be a beloved character but there is a lesson to be learned from the accelerated promotion of young Ensign Wesley Crusher. There is no place in or outside of the workplace for age, racial, gender, or any other type of discrimination. It is important to invest in all available talent through continuing education as well as to promote inside staff whenever possible. Furthermore young energy and fresh perspective can create an exciting and creative approach to problem solving. There are also programs like All Star Code that can help your organization cultivate new technology candidates in communities that are currently under represented in the field. Well before attending the Academy Wesley Crusher proved himself as an unrivaled problem solver and a key member of the Enterprise’s success.  

3. Follow the “Prime Directive” and do not abuse or over extend the power of your technological advancement. The culture of an information technology department should be one that champions service, availability, security, and innovation with the goal of supporting the key mission of the organization. Technology should provide for and enable users and never be utilized to inappropriately collect information, or interfere with the organization’s core operations. The best IT departments will provide service to users with a soft hand and a light presence. A CIO should disseminate a mission statement that matters- give your team a cultural identity and code of operation, and then make sure they live it.

4. During difficult times make sure as a leader you take a tour with the “away team”. An effective leader takes the time to report to the trenches in order to obtain a direct understanding of the challenges the team faces. In the most critical situations Captain Picard or First Officer William Ryker would step into action to ensure success.  Getting on the front line of issues now and then will command respect from your employees and make sure you are analyzing problems with a real world perspective.  

5. Boldly go where no CIO has gone before. Technology is now the foundation for the success of almost every business or institution. In order for a CIO to be successful he or she needs to be a master of the mundane (think email and help desk) as well as the intellect behind innovation (think analysis of big data, transition to outsourcing and cloud services, and development of core business processes). More often than ever CIOs are being considered for CEO positions as organizations look to the CIO to lead the company's overall direction and drive profitability through efficiency and lean processes. In any leadership role it is important to be free to experiment, change the course, and head into the unknown.           

 

Are you concerned about data destruction and running a media disposal program consistent with best practices (NIST 800-88)?

 

Download 5 Data Destruction Tips

more

Topics: IT Asset Disposal, Management Tips, IT Management, Information Security

Project Management is Key to Safe IT Asset Disposition

Posted by Frank Milia

Nov 12, 2013 2:23:00 PM

Project management is a critical component in any IT project yet end of life disposal process is often lacking the proper amount of attention. Proper IT disposal planning will minimize data security risks and cleanly close out the life cycle of computer equipment with the creation of key asset management records.

Throwing together an IT disposal plan at the last minute or making it the afterthought to a refresh plan will put your firm at a higher risk of a data breach as well as vulnerable to poor evaluations or audits of your general IT practices.

 

IMG_0959According to Project Insight there are 5 Basic Phases of Project Management:

  1. Project conception and initiation
  2. Project definition and planning
  3. Project launch or execution
  4. Project performance and control
  5. Project close

 

Let’s briefly look into utilizing these 5 phases to accomplish the goal of safely and securing completing an IT disposal project.

Planning facility relocations, equipment upgrades, or the regular need for IT disposal will define the project conception and initiation piece. The conception phase is the ideal time to contact an IT asset disposition firm to qualify vendors and define the parameters of future services through a Master Service Agreement. At this stage it is not necessary to select vendors but to instead make sure the services are budgeted for and qualified service providers and tools have been identified and vetted.

It is important to take appropriate efforts to perform due diligence and gain an understanding of a disposal vendor’s insurance, data security policies, and environmental standards. This type of due diligence is difficult to perform at the end of an equipment upgrade where physical space, time, and human resources are limited.  

In the defining and planning stage thoughtful preparation must be invoked. Typical action items for a disposal project will include taking physical inventory, vendor selection, backing up critical data, physical relocation and consolidation of surplus equipment, and coordinating logistics for the equipment collection.

The project launch and execution involves informing staff of their responsibilities. Included in this are milestones expected, end dates, and any required reporting along the way. Each employee must be clear on tasks, deadlines, and requirements to other departments such as asset reporting to finance, adhering to security requirements set by info security and upper management, or meeting site access restrictions and insurance requirements for facilities.

Closing a disposition project will be defined by physical removal of the equipment from the site followed up with asset reporting, certification, and confirmation and reconciliation of the serialized data.

Project performance and control is all about flexibility. Adherence to schedules is ideal, but not always possible. When necessary adjust schedules and keep staff and vendors informed of any changes.

IT asset disposition is a regular result from various technology implementations and is worthy of serious consideration by project managers. With the proper management of surplus computer equipment disposal a firm will avoid data breaches and environmental liabilities as well as create a depository for managing an organization’s fixed assets.

 

Looking for More Info On Best Practices for EOL Equipment?

 

Download 5 Data Destruction Tips

 

 

more

Topics: IT End of Life Strategy, education & tips, Computer Liquidation, IT Management

5 Ways an IT Pro Can Succeed as a Manager

Posted by Frank Milia

Oct 1, 2013 12:08:00 PM

An IT Manager takes on a diverse role that encompasses technical challenges, analyzing information, staffing, conflict resolution, strategic planning, developing budgets, and even data center management. Both the technical and management components require your attention. It is crucial to both your success and the success of your team that you balance these responsibilities.

Our managers at ITAMG have provided 5 tips to help you succeed:

 

#1: Time Management


Do this: Make the most of every minute. You have two hats to wear – technical and management. To achieve success you must make a daily plan. Written or electronic, it doesn’t matter. Record all of your responsibilities and schedule them in time blocks. Be diligent and stick to this schedule whenever possible. According to this article in US News & World Report, “set specific time limits for routine tasks. Work tends to fill whatever amount of time you happen to have.” When emergencies occur, handle them, and then get back on schedule.

 

Don’t do this: Go into the day without a plan. Without a plan seemingly “secondary activities” such as getting input from employees, giving feedback, providing training will go by the wayside when inevitable technical issues arise.

 7K0A0223

 

#2: Build Relationships

 

Do this: In an an article on Monster.com Richard Hagberg, the president of the Hagberg Consulting Group, a company that develops training programs for the high tech industry is quoted, “First, carefully define your role. Then audit your time so you're spending time on building relationships and improving communication with everyone around you. Schedule appointments with subordinates and listen to their ideas. Initiate group problem-solving, particularly on real issues, rather than trying to solve everything yourself. Deal with substandard performance by coaching and holding people accountable." To build a strong, loyal force it is imperative to have an open line of communication.

 

Don’t do this: Have a closed door policy. When possible include employees when making decisions. Let them share their ideas to create a mutually respectful relationship.

 

#3: Keep Your Skills Sharp


Do this: You are likely a manager because you have exceptional technical skills. Continue to stay on the cutting-edge through research and training. Demonstrate those skills, jump in when complex problems are at hand. Respect is gained in this manner. Education for you and your team is critical to everyone’s success.

 

Don’t do this: Let your technical skills wane. Consider the importance of the respect of your technical subordinates and your ability to lead by example.

 

#4: Delegate


Do this: One of the keys to successful delegation is to know each team member’s strengths. You cannot successfully do everything yourself. Your company is best served when your expertise is devoted to finding solutions to critical issues and delegating accordingly.

 

Don’t do this: Do everything yourself. You and your team will suffer. The members in your group will see this as a lack of confidence in their abilities.

 7K0A0947

#5: Roll Up Your Sleeves


Do this: When matters arise that require multiple resources from your team, jump in when you can. Maybe next time your firm is getting ready for a computer disposal help the team take an inventory of the surplus computer equipment. Roll up your sleeves whenever possible and you will gain immeasurable respect form your team.

 

Don’t do this: Sit back and let your team do all the work. Make sure to always be a part of the solution. There’s no substitute for a boss that understands what it’s like to still be in the trenches.

 

By devoting the proper amount of time to each task, keeping your skills sharp, and demonstrating your willingness to be a part of the team, you will gain the respect and loyalty of your team. Master these 5 areas and you will soar as an IT Manager.

 

 

Looking for More Info On Best Practices for EOL Equipment?

 

 

Download 5 Data Destruction Tips

 

 

 

more

Topics: IT Asset Disposal, technology vendors, education & tips, Management Tips, IT Best Practices, IT Management

    

Follow ITAMG

ITAD Guidance

Stay informed on important IT asset management topics

We are developing and aggregating the top stories related to IT management, infosec, and computer hardware from the unique perspective of EOL experts.  

You will stay in touch with:

  • IT procurement trends and analysis
  • Data security methods and best practices
  • Compliance tools and updates

Subscribe to Email Updates

R2-2013_Logo.png

Visit our Main Site at: www.itamg.com