All non-required equipment should be physically decommissioned from the source IT room. This may include data destruction and physical disposal.
Decommissioning the IT room equipment
With the increased frequency of reported data breaches, it’s becoming more and more necessary for companies to decommissioning effective and reliable the data stored on retired IT equipment from falling into the wrong hands, or a data breach. When decommissioning assets, best practices include placing them in a quarantined room with restricted and monitored access. If not destroying sensitive information on site, a full audit of the disposition provider is highly recommended. Ensure that they have the proper qualifications and processes in place to protect the company sensitive information. If sending decommissioned assets to an asset disposition provider, take the time to have an accurate inventory of what is leaving the IT room and reconcile that with the reports they produce. Do not provide the list of equipment to the asset disposition provider in advance. Have a process in place to address discrepancies.
Update IT room repository
Keeping accurate records of the assets, even after they have been decommissioned, is important. During the update of the IT room repository, resist the temptation of deleting the entry for a decommissioned asset. Rather, before removing the item from the record of deployed IT assets, create a separate record for asset decommissioning. If something should happen to a decommissioned IT room equipment after it leaves the company, these records could play a crucial role in protecting your company from possible liabilities.
- Identify remaining physical equipment.
- Obtain formal agreement to the disposal policy for equipment and data.
- Obtain formal agreement of the inventory list to be decommissioned.
- Perform necessary disposal activities.
- Terminate temporary and non-required software license and support agreements.
- Update IT room repository.
Hints and tips
- Decommissioning treatments may vary, disposal of IT equipment is regulated. The Waste Electrical and Electronic Equipment Directive (WEEE Directive) is the European Community regulation. Other geographies will have similar directives.
- Disposal of data storage equipment and media requires specialist attention, the safe and guaranteed destruction of such materials is usually a specified requirement and contractual responsibility. Often it is best to engage specialist 3rd party vendors to do this.
- Disposal policy document.
- Disposal inventory list.
- Disposal completion certificates.
- Updated support and license agreement inventory.