Maintaining data security is an ever-growing concern for today’s businesses, especially when the computer hardware in question is nearing its end-of-life (EOL) stage. Since EOL equipment is too old to be integrated into another part of the business and it carries no real value on the secondary market, having a strategy in place for managing the data and its safe disposal is the key to protecting your business and your clients.
A good way to determine if your data security process offers the level of protection your business needs is to check it to see if it meets the Three Ts for dealing with EOL data security – track, trace, and terminate (liability). In other words, your data security process should give you the ability to track the progression of your data destruction, trace your equipment through the data destruction funnel, and terminate your personal and professional liability by implementing the latest technologies for effective data elimination.
The following data security checklist will help ensure that your strategy effectively meets the Three Ts as well as all of your security objectives:
1) Create a data security process that is uniform and secure and one that can be easily replicated. Create your process before you need it.
2) The process should be implemented across all regions and / or offices within an organization regardless of location or personnel. The process should be created to manage the security and exposure created by your respective business. In order to create a process that fits your needs, consider the following questions:
3) Create Internal Controls: Simple items such as piece count can be overlooked, i.e. how many loose tapes should be verified before the process begins, during the process, and by the third party vendor at the end of the process / service. Have your project manager sign off on all assets (quantity and serial number) before they leave the facility. This plays an important role in the tracking of your data destruction process. Other internal control considerations include:
i. Public or Private
iv. Remote Location
v. International Locations
4) Create External Controls: The third party performing the data security process should validate piece count and serial number of all items processed. The third party must indemnify your company for service performed.
5) Develop Detailed Reporting: Reporting should track Hard Drives by serial number while in the company, while in transit to vendor or process, and when the drives have been erased and / or destroyed. Reporting from your vendor should be exportable so it can be imported into your asset tracking software. If possible, get online reporting to track the process of your vendor. Vendor certificates should be per serial number, not piece count. This helps you trace your equipment as it is being processed so you know exactly where it is in the data destruction funnel.
6) Data Wiping Software: Erasing drives using proprietary software is needed if your objective is to reuse drives, return drives to OEMs, or for end of life data security. Using high-level software to effectively wipe all of the data from the drives will help terminate your liability. When determining your software options, ensure that the software used offers the following:
7) Data Security Checklist: Key Point Summary