Download Your Free Guide to Learn How to Plan Your ITAD Programs and Data Security Policies.

Once you recognize the value of a proper IT asset disposal program at your company, your next step is to determine who is actually going to do the work. For data destruction, you have a couple of options: assign members of your internal team to the task, partner with an IT asset disposal vendor to do all data destruction, or a combination of the two.

If you choose to partner with a vendor, you have another choice to make: whether to allow the vendor to take your IT assets out of your facility to perform any necessary data destruction at one of its facilities, or require data destruction to be performed on-site.

Below, we’ll work through the pros and cons of both options for IT asset disposal (often referred to with the acronym ITAD, for IT asset disposition).

The benefits of in-house ITAD

The most comforting thing about assigning your own IT team to perform IT asset disposition is that you know the job is getting done by the professionals you trust to oversee your IT infrastructure every day. There are significant risks associated with the disposal of IT assets: the risk of data breach, the risk of non-compliance with environmental or industry regulations. You want to put the responsibility into hands you trust, and who do you trust more than your own IT people? Having your own team wipe or sanitize hard drives means that your data never leaves your company control – as long as the process is completed properly 100% of the time.

Why not do ITAD in-house?

The members of your IT team are busy people. There’s a lot of work to be done to maintain all the elements of your IT infrastructure: hardware and software updates, technical support, network administration, etc. Rarely do your IT staff members have the luxury of focusing on one task at a time. And that’s just what’s required to do data destruction the right way.

Consider the consequences if, for example, an IT technician in the midst of sanitizing the data on a pile of laptops was called away to another task before completing the data sanitization? When that tech comes back, what if he doesn’t know for sure which ones successfully wiped? Or another technician might collect some of the laptops and have them packaged for for remarketing or recycling without realizing your customers’ sensitive data was still on one of them. Serious—and costly—data breaches have been triggered before by the information contained on a single laptop.

The benefits of outsourcing IT asset disposal

A team that specializes only in IT asset disposition will complete every step of the process without distraction. That includes packing and transporting the equipment, sanitizing data, and documenting the entire process so you have auditable reports ready to prove you’ve done IT asset disposal correctly. With the right partner, the cost and business interruption ITAD can cause will be significantly reduced.

Data sanitization: On- or off-site?

Finally, when you do choose to partner with a vendor to properly dispose of your IT assets, your vendor will often provide you the options of sanitizing the data stored on your equipment before or after it leaves your facility. You must make this decision based on risk and cost. Your corporate goverenance, risk and data security policies should be reviewed as you select the service level. It costs more to have data sanitization or destruction done onsite at your facility, but this may be worthwhile based on your company’s risks and compliance needs. Either way, partnering with a vendor that has received AAA certification from the National Association for Information Destruction (NAID) is the surest way to ensure your company’s and your customers’ sensitive has been removed—either on-site or off-site—according to the highest standards.

Data erasure is perhaps the most important component of the IT asset disposal process. We created our free document, “10 Myths About Data Erasure” to address some of the most frequent questions that arise when companies are planning their ITAD programs or data security policies.