Secure computer recycling and the importance of data security is becoming a hot topic. What used to be the domain of IT and Information Governance is now becoming part of everybody’s thinking, or it should. The Information Commissioners Office is highlighting security breaches and all types of companies are being fined. When disposing of any kind of data bearing device, it is important that you gain peace of mind knowing that they have been overwritten or physically destroyed.
Assets
Whether on site or offsite it is imperative that the process begins with an exchange of information and documentation between you and the provider that clearly identifies the number of assets for destruction or collection; how the assets are identified; an agreed asset reconciliation process; sensitivity of data-bearing assets; confirmation of service required; pre-collection agreements and service level agreements and transfer of custody arrangements. Without this information the chain of custody and service structure cannot be initiated until equipment arrives on site. Without these foundations the process as a whole is weak and potentially insecure.
Risk Management
Also, the chain of custody is imperative in risk management within asset retirement and as such, once inside the confines of the facility the continuation of a controlled process is critical. Each stage should be reviewed and risk of failure in the process is assessed. Concept Management look for the potential scenarios whereby a robust process might fail due to an unforeseen issue and assesses whether that is an unacceptable risk. Review of both written and actual processes is undertaken as well as assessment of the technology used to perform and manage services.
Hard Drive Destruction
Concept Management feel that on site hard drive destruction is the best way to ensure hard drives with sensitive data are destroyed. You don’t have to rely on someone else’s assurances that they will be done. Onsite hard drive destruction means that no active sensitive data is transported around the country prior to being destroyed.
There are several methods of physical destruction, shredder or crush. Seeing is believing. Only physically destroying your hard drives ensures that the information is unrecoverable. On site hard drive shredding enables you to see the physical destruction at your premises. This means when audited, you can demonstrate that there is a very robust, secure destruction process in place.
Shredding, crushing and overwriting
Shredding can be used on various data bearing devices from HDDs, tape drives, CCTV and video tapes, CDs, DVDs, floppy discs, pen drives, you name it we can shred it, all in front of you, within a secure location and provide all compliant paperwork including asset register of everything shredded, collection report, duty of care and waste transfer note along with certificate of destruction. On site crushing is a more cost effective way of physically destruction and completely destroys the hard drive and renders it unreadable but the limitations are that it can only destroys HDDs.
Concept Management provide both on and off-site data overwriting. We use Blancco NCSC Approved Software and again this offers you the peace of mind, knowing that prior to leaving site that all data has been erased and that you have a secure, robust service that provides all compliant paperwork that meets all data security requirements and guidelines.