data sanitization vs destructionYour company’s IT assets are just that: assets. Even after they’ve been retired and written down to zero on your books, they often still have market value. Through remarketing, your company has a chance to recover some of its investment in IT equipment. The money your organization gets from remarketing its IT assets can also help offset the cost of their disposition. So how can you maximize investment recovery for your retired IT assets?

One factor to consider is whether to sanitize the data on your equipment’s hard drives or destroy the drives physically. Both approaches have advantages and disadvantages for cost, as well as data security. Choosing the right option for the right situation is an important aspect of planning your organization’s overall IT asset disposition (ITAD) strategy.

How physical destruction of hard drives affects resale value

You organization probably takes data security very seriously, and it should. Compliance with regulations and standards (HIPPA/HITECH, PCI, SOX, FACTA, GLB) requires strict data security processes. The current average cost of a data breach – in fines and bad PR – can measure in the thousands or even millions of dollars. It’s understandable, then, that an organization would consider the best way to ensure sensitive data doesn’t make it into the outside world is to physically destroy the hard drives from every piece of retired IT equipment. However, if you’re looking to recover some of your IT investment by remarketing your retired equipment, keep in mind that intact systems sell for more than systems lacking components – including hard drives. In fact, IT assets without hard drives can lose about 20 to 30 percent of their remarket value. The older the technology, the bigger the impact of missing hard drives on value.

Data sanitization: A secure alternative to physical drive destruction

All the major standards organizations in the U.S. and Europe accept proper data erasure as equal to the physical destruction of drives. The U.S. government standard developed by the National Institute of Standards and Technology, NIST 800-88, says that a single-pass overwrite is suitable for data destruction. How can you be sure your data sanitization procedure is in compliance with the latest industry standards and is as secure as physically destroying drives? Choose a partner that has been certified in data destruction by an industry-leading third party, like the National Association for Information Destruction (NAID). NAID AAA certification is only granted to organizations that pass its rigorous auditing process.

When data sanitization will cost you more

Data erasure does cost money, so erasing data from equipment that won’t have resale value can be a waste. Your ITAD vendor should be able to work with you to identify price trends on the resale market by asset type or class. This will help you determine if it’s worth the expense to sanitize your hard drives rather than destroy them.

One method—erasure or destruction—does not fit all the possible disposition scenarios, even within the same organization. A data center decommission, a laptop refresh, or the shutdown of an office with old equipment might have different risk/cost ratios. A good ITAD vendor can help you analyze the different factors and create a plan that balances your priorities for remarket value, compliance, risk, and security

Investment recovery and your ITAD plan

Remarketing your IT assets can be risky and should be part of an actively managed and well thought-out IT asset disposition (ITAD) program. Issues that need to be addressed in an enterprise-wide ITAD program include when to destroy hard drives and when to sanitize them. What else do you need to know on the road to developing an ITAD program that meets the needs of every stakeholder in your organization? Our IT Asset Manager’s Guide to Disposition discusses how a programmatic ITAD approach can respond to your concerns about ITAD costs, investment recovery, and integrating disposition data into your existing asset management system.