• Risk Wizard Team

How to Integrate IT Asset Disposition into a Risk Management Strategy


Businesses ranging from startups to large corporations all need, to some extent, to rely on a robust IT ecosystem for today’s digital, computerised workplaces. Naturally, moving towards digital means of data storage, communications, and administration comes with its own set of risks that must be addressed.

One such field of interest for many companies these days is IT asset disposition. There are, as mentioned, many risks involved with IT systems, so how does IT asset disposition fit into the equation and how can risks be mitigated?


What is IT Asset Disposition?

IT asset disposition, often simply called ITAD, is a rapidly growing industry worldwide which focuses on the safe and secure disposal of old, redundant IT assets that have reached their end of life (EoL). ITAD services also include secure logistics of redundant equipment, inventory tracking, audit trails, as well as refurbishment and/or remarketing of company devices to third parties.


One popular ITAD service is data destruction, which involves the secure collection of a company’s retired IT assets and the destruction of all devices, often accompanied by video evidence and data destruction certificates.


Destruction methods include degaussing (very powerful magnets which render all data on HDDs irretrievable), shredding, punching/crushing, or disintegration with powerful acids.


Why is ITAD Needed in Risk Management?

Why bother going through all the effort of destroying a few dozen or a few hundred old hard drives with such extreme measures when you can simply reformat or wipe the drive? There are many reasons why these solutions are not recommended for data destruction. You might get away with it if you’re selling your personal laptop, but doing this with company-owned devices can have costly consequences.


So why go through all the effort, you may ask? One of the biggest risks to companies in today’s digital age comes through the form of cyber attacks and data breaches. Not all hackers choose to hack through IT networks and systems, however, as this can be challenging and requires the criminal to be quite savvy.


A far easier way to cause a data breach is to simply find an old hard drive carelessly tossed away and all of a sudden your entire organisation may have been compromised by a thief with relatively few skills. Same thing with wiping/reformatting. It is often possible to restore and retrieve sensitive data from such devices.


How to Integrate ITAD Into Your Risk Management Strategy

Prevention is often the best treatment, and when it comes to risks from improper data disposal or data destruction, it’s certainly more beneficial to be proactive and to have an ITAD strategy in place.


Organisations should have a robust ITAD plan in place, which includes considerations such as:

  • Keep an active inventory of all company owned devices, including their condition, lifespan, location, and other relevant characteristics.

  • Organise stakeholder meetings which include all key personnel to discuss the importance of data security and ITAD.

  • Create or enforce a company-wide policy for proper data privacy.

  • Retain an ITAD consultant to perform on-premises data destruction when devices reach their EoL.

  • Create an action plan for containing data breaches should they ever occur. Have a list of people to call in an emergency so that your IT systems can be decommissioned temporarily until the breach has been contained.

Risk Wizard

Experience the superior quality of risk management software by giving Risk Wizard a go today.