Professional Provider of Enterprise IT Solutions

Unitiv Blog


IT Asset Disposal and Compliance: 4 Key Principles

While regulatory standards can vary greatly from one industry to the next, very few organizations are free of compliance requirements when it comes to data and IT assets. Compliance concerns can play a major role in a number of different areas, including risk management. When disposing of IT assets, data security policies and compliance concerns must be considered.

What IT asset disposal policies must address

There are several key regulatory areas that IT asset disposal policies need to account for, including:

•    FACTA. This federal act was designed to protect consumers from the risk of identity theft. FACTA addresses the proper ways to dispose of consumer information.

•    GLB. This act created consumer privacy rules that apply to banks, insurance companies and other financial institutions.

•    HIPAA. Along with HITECH, HIPAA outlines regulations involving the privacy and the security of health care data.

•    SOX. Normally thought of in terms of accounting rules, the Sarbanes-Oxley Act sets standards for all public companies, management teams and boards.

•    PCI. Compliance with the rules for processing credit and debit cards must be taken into account when looking at IT asset disposal, too.

The broader your data is in terms of the various functions it serves and the types of information it contains, the more regulations you need to observe.

Moving toward compliant IT asset disposal

When you dispose of retired IT assets, whether it’s through recycling or remarketing, you can be looking at a hidden risk. If there’s any chance of sensitive data getting to the outside world, you’re probably not in compliance with all of the various regulations.

Here are four steps you need to take to become compliant in your IT asset disposal:

  1. Understand the regulations. Above, we’ve listed five of the most important regulatory acts and standards that you need to be concerned with. Each has implications for asset disposal that you need to consider.
  2. Build compliant data security processes. Data security compliance starts long before the assets are being disposed of. Create and document data security processes for your IT asset disposal that meet the regulations you’ve identified.
  3. Make compliance mandatory. Be sure that everyone who touches the process of disposing of IT assets knows what the process should be and what the requirements are.
  4. Be prepared for an audit. You need to be able to show that you’ve been compliant in the event that you’re challenged via an audit.

Above all, make sure you document your IT asset disposal activities and create a verifiable process that will keep you in compliance from beginning to end.


More Stories By Unitiv Blog

Unitiv, Inc., is a professional provider of enterprise IT solutions. Unitiv delivers its services from its headquarters in Alpharetta, Georgia, USA, and its regional office in Iselin, New Jersey, USA. Unitiv provides a strategic approach to its service delivery, focusing on three core components: People, Products, and Processes. The People to advise and support customers. The Products to design and build solutions. The Processes to govern and manage post-implementation operations.