Hardware Decommissioning Process: A 5-Step Checklist28 Jun 2023 | Hannaleena Pojanluoma
Guidelines for Secure IT Asset Disposal
Having a hardware decommissioning process in place is a practice that's too often forgotten by IT departments. Unfortunately, this has created an ongoing issue of devices that contain corporate data, such as routers and printers, being sold on the secondhand market.
The problem of failing to decommission hardware was recently highlighted by a research team for ESET when they purchased 18 used routers for test purposes. The team was shocked to discover data on 56% of the devices, including customer information, router-to-router authentication keys and application lists. If this data fell into the wrong hands, it would have been enough to launch a cyberattack.
Now that organizations own more hardware and IoT devices than ever, there’s more potential security and compliance issues they can run into by failing to decommission old equipment. In this blog, we will share a 5-step secure disposal checklist for anyone that’s tasked with ensuring data protection within an organization.
5-Step Checklist for Hardware Decommissioning Process
The lesson that should be taken from the ESET research is that any device leaving your company must be sanitized in order to ensure organizational secrets are not being openly sold in secondhand hardware markets.
Although organizations should create their own set of guidelines that IT teams can follow to decommission or securely dispose of old devices, we have listed 5 steps that should at least be considered for inclusion in such a document.
Step 1: Stay Organized by Keeping a Hardware Log
By creating and managing a hardware log, your organization will be able to keep track of all the hardware that’s been decommissioned. The log can be used to record relevant information relating to your retired hardware, such as the ID name or number, the date of decommission and the disposal partner (ITAD) that may have assisted in wiping the device. Having this information at hand will not only help you to stay organized, but it may be useful for compliance reasons too.
Step 2: Identify Device & Classify Information
Firstly, you need to understand what type of hardware you’re working with. Each device has its own particular needs, so the best method of removing data from a given piece of hardware will differ accordingly.
Next, you will want to establish what kind of data is stored on the hardware in question. Ask yourself what services the device ran and who were the main users of the hardware. If you come to the conclusion that the data is sensitive or in any way identifiable, you should actively take steps to remove it before it leaves your organization.
Step 3: Backup Your Data
Even if you have processes in place for automatically backing up hardware within your data center, you should safeguard against failure by creating a backup copy of the information a device holds before decommissioning it. Backup data can be important for keeping hold of proprietary information or any important configurations that may be needed going forwards. In addition, backups might be needed for legal reasons to provide proof of the data that a particular device stored before disposal.
Resetting the hardware can sometimes be enough to make data disappear for good. If it’s a router, you will want to consult the relevant manufacturer’s guidelines to find out how to restore the device to its factory settings.
For PCs, MacBooks, mobile phones, USB sticks and most other devices, restoring to factory settings won’t be enough to permanently remove the stored information. In these cases, you should use enterprise-level data sanitization software, such as BCWipe Total WipeOut, to securely erase all existing data from the device in question. If your organization is not confident about doing this in-house, you should work with a trusted disposal partner that can wipe the data for you and verify that it’s disappeared for good.
It’s never recommended to remove data from a device by destroying it. Resorting to physical destruction doesn’t guarantee that your data can’t be restored by a third party, while it also creates harmful electronic waste and rules out the prospect of the device in question being reused.
Step 5: Generate Report for Compliance
Once the hardware has been decommissioned, you may want to generate a report that provides proof of effective deletion. This is often needed for compliance reasons, so make sure you purchase sanitization software that provides this kind of feature or work with disposal partners that offer this service.
Learn More about Data Wiping for Your Hardware Decommissioning Process
Now you know about the importance of decommissioning hardware and have read through our 5-step checklist, your organization’s corporate secrets should never be anywhere near the secondhand tech market. To read more about the importance of data sanitization, why not check our ultimate guide to securely wiping computer hard drives clean?
Hannaleena Pojanluoma has been leading Jetico as CEO since May 2023, bringing with her more than 20 years of sales, marketing and technology experience. Previously working for a range of international companies in her native Finland, Pojanluoma has a broad understanding of diverse international markets.
Pojanluoma has been essential in driving sales growth since joining Jetico in October 2015. Her efforts have been concentrated on boosting sales and brand awareness in key European countries such as the United Kingdom, Germany and Italy.
As a member of Jetico's Board of Directors, she joins influential figures such as Tommi Rasila and Umeshchandra Gowda.
Thank you for contacting Jetico! We will respond to you as soon as possible.
Send us a message - we'll reply within 24 business hours.
Need help now? Call Us
US: 202 742 2901