The Skinny on I.T. Asset Disposal

 
 
By David F. Carr  |  Posted 2007-09-05
 
 
 

Learn how to remove your company's hardware. View the slide show.

What Is It?

Getting rid of personal computers, servers, and other obsolete or unneeded devices in a secure and environmentally sound manner. Concerns about information-technology asset disposal are being driven partly by increased regulation—many states now bar computer equipment from simply being disposed of in a landfill because of concern about toxic components leaching into the environment. In addition, both regulation and worries about public embarrassment are driving companies to guard against the disclosure of customer data stored on PC or server hard drives.

Why Bother?

Dennis Owens, director of environmental services at the Memorial Hospital of Rhode Island, says the issue came to a head when the local landfills "quite suddenly" stopped accepting computer equipment. As he scrambled to find someone who would take obsolete equipment off his hands, he says, "We literally had people with pickups coming to us and saying they would take care of it for us."

But at the same time, he was reading about computer waste winding up in Third World countries and contaminating the drinking water. The hospital's information systems department also came to recognize that the techniques it was using to wipe hard drives might not guarantee that the data would be completely removed. So, the hospital now contracts with NextPhase, which takes responsibility for remarketing, recycling or disposing of equipment—and certifying that it is done in a safe and secure way.

"This is what a lot of our customers are asking for—protect my data and keep my company out of the headlines," says Chris Adam, director of NextPhase.

What Are My Options?

For most companies, the most efficient way of addressing this issue is to outsource it to a firm offering a package of data sanitization, asset disposal, remarketing and recycling services. Asset disposal specialists include NextPhase, Intechra, TechTurn, Supreme Asset Management Recycling and Cascade Asset Management, as well as divisions of major vendors like IBM, Hewlett-Packard and Dell.

"Unless you're a large organization and can afford to have a department specifically geared up to do this, I've been advising clients to outsource for years," says Frances O'Brien, a Gartner analyst.

What you want to do internally is look to reduce the amount of computer waste your organization produces, O'Brien says. For example, you might want to have employees keep the same monitor even when replacing their PC. Older PCs can also sometimes be redeployed for less demanding applications, extending their total life.

What About Leasing?

Corporations that lease, rather than purchase, PCs and other computer equipment may not have to worry about the disposal aspect per se, but sanitization of computer hard drives usually is not automatically included in the leasing agreement.

To be really sure you are protecting against the disclosure of corporate data, O'Brien recommends hard drives be sanitized to Department of Defense standards. The alternative, which is sometimes cheaper, is to destroy the hard drive.

Are the Requirements the Same for Everyone?

Not necessarily. Start by taking stock of your organization's tolerance for risk, the nature of the devices you will be disposing of and the type of data stored on them.

Firms in regulated industries, like finance and health care, will want the greatest assurance that data is properly sanitized. On the other hand, a manufacturer disposing of PCs used for shop-floor control may not have to worry about them containing consumer data.

If you want the greatest level of assurance, O'Brien recommends picking an established vendor with solid financial backing, and conducting your own audits to ensure that the firm is delivering the promised levels of service.