The amount of electronic equipment we use in our homes and offices has escalated in recent years, and it's set to continue as more everyday devices become 'connected' to the internet-of-things (IoT).
While there are many benefits that technology brings to our life and work, it comes at a cost in terms of the impacts on energy use and how IT assets are managed at end-of-life.
From both Information Security and Environmental points of view, we have to give it careful consideration.
Reduce, Reuse, Recycle
Redeploying equipment to other users in the business saves time and money, but there's a risk that data from the previous user could be exposed to the new user.
A formal process for rebuilding and redeploying equipment should be in place to ensure that all data has been removed and a new user profile has been created before devices are reissued.
If the equipment is underperforming for a business setting, it may still find a second life through a charity or community group with less demanding requirements.
Secure Disposal, Data Destruction
Data can be stored on any device that contains a memory, so not just Laptops and PCs but also tablets, printers, scanners, cameras and car infotainment systems.
Destroying the data can be done in several ways, and while I’ve come across many organisations who delight in the physical destruction of a drive, due to the way data is stored, this might not be as destructive as you’d imagine.
Overwriting data to a recognised standard, such as HMG InfoSec Standard 5, is accepted industry practice.
When you delete a file from a drive, you’ll usually just be removing its reference from a file table. Using a recognised standard will ensure that data is overwritten many times, so it is nearly impossible to retrieve.
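To make the difference between deleting and overwriting concrete, here is an added example (not from the original post) that simulates a drive in memory. The ToyDisk class, block size, file name and pass pattern are all assumptions made up for the illustration; the pass pattern is not taken from any standard.

```python
import os

BLOCK = 16  # toy block size in bytes (assumption for this simulation)

class ToyDisk:
    """In-memory stand-in for a drive: raw blocks plus a file table."""

    def __init__(self, blocks=8):
        self.raw = bytearray(blocks * BLOCK)
        self.table = {}       # filename -> (first_block, length)
        self.next_free = 0    # next unallocated block

    def write_file(self, name, data):
        start = self.next_free * BLOCK
        self.raw[start:start + len(data)] = data
        self.table[name] = (self.next_free, len(data))
        self.next_free += -(-len(data) // BLOCK)  # ceiling division

    def delete(self, name):
        # Ordinary delete: only the table entry goes, the blocks are untouched.
        del self.table[name]

    def overwrite_all(self, passes=(b"\x00", b"\xff", None)):
        # Each pass rewrites every byte on the media; None means random data.
        for p in passes:
            size = len(self.raw)
            self.raw[:] = os.urandom(size) if p is None else p * size

    def residual(self, needle):
        # Verification: is known previous-user data still readable on the media?
        return needle in self.raw

def demo():
    secret = b"CONSTRUCTED payroll record"  # constructed sample data
    disk = ToyDisk()
    disk.write_file("payroll.csv", secret)
    disk.delete("payroll.csv")
    # File is gone from the table, but its bytes are still on the media.
    after_delete = ("payroll.csv" in disk.table, disk.residual(secret))
    disk.overwrite_all()
    after_overwrite = disk.residual(secret)
    return after_delete, after_overwrite

if __name__ == "__main__":
    print(demo())
```

The residual check is the part worth carrying into a redeployment process: confirm that known data is no longer readable before a device is reissued.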
Shredding is also an acceptable method of destruction, but ensure the contract follows BS 15713 (Secure Destruction of Confidential Material – Code of Practice), which specifies the handling of confidential waste and the size of the shredding – which is important.
The advantage of using a contractor for any of the above methods is that they will provide a certificate of destruction which completes your duty of care and closes the loop on traceability of the asset.
Conclusion
The disposal of IT assets affects both an organisation's information security and its environmental impact.
Making plans for equipment's end-of-life will ensure the negative impacts are minimised.
Guest Blog by Robert Clements
From Assent Risk Management – Part of a series by Assent Risk Management and AvISO Consultancy