A good equipment disposal policy need not be a long document. In fact, the shorter it is, the more likely it is to be read, remembered and actioned. Two or three pages are sufficient to cover the entire requirements in the vast majority of cases. A quick search online will reveal several examples that have been made public – by universities, for example. They serve as an excellent starting point. It is also very worthwhile to take a few moments to review your legal responsibilities in this regard.
1) Reassigning Equipment Internally
Sometimes this critical activity is overlooked when drafting disposal policies, simply because people do not think of it in the same context as permanently disposing of equipment. The crux of the mater lies in illicit and/or illegal activity performed by User A that leaves damning evidence on the HDD of a laptop, for example. User B takes ownership of the device and is later embroiled in an investigation where it cannot be proven who engaged in that questionable activity. Some well-known public figures have used this defence to cast doubt on a case against them, for example.
It only requires a sentence or two to state the requirement that all data must be sanitized before a new user accepts such a device. The licensed copy of the OS should also be reinstalled. That way the machine is immediately usable and decontaminated.
2) Media Should Not Be Forgotten
As time goes by, used and forgotten media can build up in cupboards and desks. Employees depart and leave “stuff” behind. These items can contain very sensitive data and should be treated with the same level of importance as devices as regards data sanitisation.
3) Suggest Graduated Options Before Total Destructive Disposal Is Called For
Internal or external repurposing is vastly preferable to outright disposal. So is resale. For that reason, your policy should suggest them as first preferences. Always stress the importance of data sanitisation and it’s also best not to leave sanitisation up to individuals, especially non-technical people. If needs be, offer the use of our services here at Absolute IT Asset Disposal Ltd. We guarantee 100% compliance with statutory requirements as well as commercial common sense interest regarding safety of sensitive data. Everything will be wiped clean and we can carry out the work either on your site or at our premises, as you prefer.
4) Highlight What Constitutes Hazardous Waste
Computer monitors should not simply be tossed into landfill as they are classified as hazardous waste under law. Your policy should make that very clear.
5) Include A Checklist
The last page of your policy document can be a simple checklist that guides users through all of the steps they should have followed. Something as basic as that often delivers better results than depending on individuals to assimilate and correctly interpret the contents of a policy document.
6) Provide Brief Guidelines Regarding Permanent Disposal
Should the only option be disposal through recycling, then it is important for staff to be aware that there are several reasons why care should be taken when selecting a disposal company. It is important both for your business and for the global environment that proper procedures and processes are guaranteed to be followed. All too often, equipment ends up in landfill here in the UK or in third world countries because the disposal company did not have robust and rigorous policies and procedures in place. Therefore, choose one that has a proper due diligence process.
In summary – all of the above should be considered when drafting your IT Equipment Disposal Policy. It does not take long to do and goes a long way to preventing data breaches or non-compliance with environmental regulations that could end up as undesirable headline news.