Project Management is Key to Safe IT Asset Disposition

Posted by Frank Milia

Nov 12, 2013 2:23:00 PM

Project management is a critical component in any IT project yet end of life disposal process is often lacking the proper amount of attention. Proper IT disposal planning will minimize data security risks and cleanly close out the life cycle of computer equipment with the creation of key asset management records.

Throwing together an IT disposal plan at the last minute or making it the afterthought to a refresh plan will put your firm at a higher risk of a data breach as well as vulnerable to poor evaluations or audits of your general IT practices.

 

IMG_0959According to Project Insight there are 5 Basic Phases of Project Management:

  1. Project conception and initiation
  2. Project definition and planning
  3. Project launch or execution
  4. Project performance and control
  5. Project close

 

Let’s briefly look into utilizing these 5 phases to accomplish the goal of safely and securing completing an IT disposal project.

Planning facility relocations, equipment upgrades, or the regular need for IT disposal will define the project conception and initiation piece. The conception phase is the ideal time to contact an IT asset disposition firm to qualify vendors and define the parameters of future services through a Master Service Agreement. At this stage it is not necessary to select vendors but to instead make sure the services are budgeted for and qualified service providers and tools have been identified and vetted.

It is important to take appropriate efforts to perform due diligence and gain an understanding of a disposal vendor’s insurance, data security policies, and environmental standards. This type of due diligence is difficult to perform at the end of an equipment upgrade where physical space, time, and human resources are limited.  

In the defining and planning stage thoughtful preparation must be invoked. Typical action items for a disposal project will include taking physical inventory, vendor selection, backing up critical data, physical relocation and consolidation of surplus equipment, and coordinating logistics for the equipment collection.

The project launch and execution involves informing staff of their responsibilities. Included in this are milestones expected, end dates, and any required reporting along the way. Each employee must be clear on tasks, deadlines, and requirements to other departments such as asset reporting to finance, adhering to security requirements set by info security and upper management, or meeting site access restrictions and insurance requirements for facilities.

Closing a disposition project will be defined by physical removal of the equipment from the site followed up with asset reporting, certification, and confirmation and reconciliation of the serialized data.

Project performance and control is all about flexibility. Adherence to schedules is ideal, but not always possible. When necessary adjust schedules and keep staff and vendors informed of any changes.

IT asset disposition is a regular result from various technology implementations and is worthy of serious consideration by project managers. With the proper management of surplus computer equipment disposal a firm will avoid data breaches and environmental liabilities as well as create a depository for managing an organization’s fixed assets.

 

Looking for More Info On Best Practices for EOL Equipment?

 

Download 5 Data Destruction Tips

 

 

more

Topics: IT End of Life Strategy, education & tips, Computer Liquidation, IT Management

The Frightening Impact of Theft, Loss, and Data Breaches

Posted by Frank Milia

Oct 15, 2013 7:29:00 PM

“Don’t panic, it’s only a data breach.”  Are those words that you would ever hear?  Certainly not, because when there is a data breach while panic may not be the optimal reaction it more often than not is the reaction. 

A data breach can cause shock waves through a company and even a community.  Just look to the example of Santa Clara Valley Medical Center who had to notify 571 patients that their information, including birthday, age, sex, and even specific medical results,  was compromised after a laptop had been stolen from their location in San Jose, California.  571 individuals concerned about identity theft and their information in the hands of criminals all because one laptop was stolen.  

According to information obtained by Symantec, theft or loss was the top cause for data breaches second to criminal hacking.  The study, done in 2011, revealed the combined statistics from theft and hacking resulted in over 200 million compromised identities.

Guys_On_HD

 

So if theft is number one and hacking is number two, it is safe to say that companies must defend themselves sufficiently against both aspects.  HR and the department heads of IT must consistently be planning and implementing procedures to mitigate risk from both loss and criminal activity.  From demanding that simple procedures be followed such as shutting down computers so passwords are required on start up, locking down offices after work hours, to training on the importance of keeping mobile assets secure everywhere they go, companies must arm themselves with every means possible to take care of data that is stored on-site at the firm.

As an IT Asset Disposal vendor operating since 1999 we have found that assets at time of disposal are at an increased risk to theft.  When assets are retired and not properly secured, stored, and accounted for negligence can lead to a low tech data breach in the form of missing, lost, and stolen media.

The first step to ensuring loss and theft does not affect your data security is to take accurate inventory of retired assets.  Once this is complete assets should be kept in a locked room or cage until sanitized or serviced by an approved disposal vendor.  For highly confidential media santization or destruction should take place prior to disposal of equipment. Receiving logs and inventory audit reports from disposal vendors should then be used to cross reference serial numbers to your firm's asset management records. Many companies may have excellent data sanitization processes but neglect the serious threat of theft prior to the completion of data destruction due to real estate, space, and other logistics obstacles.        

In the Ponemon Institute’s and Symantec’s Report "2013 Cost of Data Breach Study,"  the numbers regarding the costs associated with a data breach are frightening:

 

US Cost per Record:  $188

Average Records per US Breach:  23,647

Average US Data Breach Total Cost:  $4,445,636

Average Cost Due to Lost Business: $3,030,814

 

In response to these alarming figures companies can also mitigate risk by implementing a policy regarding data destruction using a firm that will monitor, guard, and provide proof of destruction through Department of Defense compliant data eradication methods.

The U.S. Department of Defense (DOD) has established a National Industrial Security Program Operating Manual that various Federal Government Departments must use including the Department of Defense, Department of Energy, and CIA. The program describes the methods and systems by which classified information must be secured. Through this data destruction protocol, information is kept secure from acquisition through destruction.

Disastrous results can be avoided through strict adherence to safety and security policies both on-site and after the sale of IT equipment.  Informing customers and employees of a data breach is the last thing any company wants to have to do.  Customers will be lost and employees’ trust will be diminished. To avoid these issues company heads must plan accordingly, take action, and choose wisely when selecting vendors to help with security needs.

 

 

Looking for More Info On Best Practices for EOL Equipment?

 


Download 5 Data Destruction Tips

 

more

Topics: data destruction, data breach, Computer Liquidation, hard drive shredding, IT Asset Disposition

   

ITAD Guidance

Stay informed on important IT asset management topics.

Our posts focus on IT management, data security, and computer hardware from the unique perspective of IT asset disposal experts.

Subscribe and you will stay on top of:

  • IT procurement trends and analysis
  • Data security methods and best practices
  • Compliance tools and updates

Subscribe to Email Updates

R2-2013_Logo.png

Recent Posts

Visit our Main Site at: www.itamg.com