Data Security should be the main topic on everyone’s agenda when thinking of computer hardware recycling and disposal. Whilst focus on the actual process of data destruction or sanitisation is key there are a whole host of areas which require attention to ensure a safe, controlled environment for these services.
When choosing a partner, it is essential to have documented evidence to show the physical control over the environment to ensure that IT assets under the control of your partner are securely managed; that their facility is secure; access to the facility is secure; staff (both yours and theirs) is clear on their respective roles and responsibilities within the process. In addition, there is a crucial need for a formal and controlled process to be followed to ensure inventory control is in place and the chain of custody on the assets is clear.
Finally, the use of the correct tools to perform data destruction or sanitisation is essential as well as the same verification and quality checks being in place before a final sign off and release stage. Things to consider,a full inventory of equipment must be collated and be verified before any work commences.
You must obtain written documented evidence of the following:
Firstly, the process for data erasure or physical destruction of all types of data bearing devices and secondly an agreed schedule of works to include any additional services on-top of data erasure and any further off-site processing to be agreed prior to work commencing. It is also important to consider the process of removing data bearing devices but we suggest that all HDDs will be scanned, HDDs removed, scanned and then physically destroyed. Should an HDD be missing from a parent machine, a member of the IT Team must be informed immediately.
References should be made available for on-site works and we suggest all personnel undergo screening to a minimum level of BS7858. Insurance policies are in place in accordance with the clients required level but Professional Indemnity Insurance should be requested.
Secure computer recycling and disposal should also take into consideration the WEEE Directive and you should only use Environment Agency accredited comanies that hold an ATF (Authorised Treatment Facility) Licence and ensure that they can provide all compliant paperwork such as Waste transfer Note, Consignment Note, Duty of Care Note, Asset Register and Certificate of Destruction. It is also important to choose a company with the right accreditations and these should include ICO Registration, ISO 9001 Quality, ISO 14001 Environment and ISO 27001 Information Security.