Track, Trace and Terminate (Liability) The Three “Ts” for End-of-Life Data Security.

Maintaining data security is an ever-growing concern for today’s businesses, especially when the computer hardware in question is nearing its end-of-life (EOL) stage. Since EOL equipment is too old to be integrated into another part of the business and it carries no real value on the secondary market, having a strategy in place for managing the data and its safe disposal is the key to protecting your business and your clients.

A good way to determine if your data security process offers the level of protection your business needs is to check it to see if it meets the Three Ts for dealing with EOL data security – track, trace, and terminate (liability). In other words, your data security process should give you the ability to track the progression of your data destruction, trace your equipment through the data destruction funnel, and terminate your personal and professional liability by implementing the latest technologies for effective data elimination.

The following data security checklist will help ensure that your strategy effectively meets the Three Ts as well as all of your security objectives:

1)      Create a data security process that is uniform and secure and one that can be easily replicated.  Create your process before you need it.

2)      The process should be implemented across all regions and / or offices within an organization regardless of location or personnel. The process should be created to manage the security and exposure created by your respective business. In order to create a process that fits your needs, consider the following questions:

  • What is the exposure presented by your business and the assets used to produce that business or service?
  • Is your business public or private?
  • Is your corporate culture price-based or security-based? This will impact your decision and process.
  • What are the tools or vendors used in your process?

3)      Create Internal Controls: Simple items such as piece count can be overlooked, i.e. how many loose tapes should be verified before the process begins, during the process, and by the third party vendor at the end of the process / service.  Have your project manager sign off on all assets (quantity and serial number) before they leave the facility. This plays an important role in the tracking of your data destruction process. Other internal control considerations include:

  • Where is your business located?
  • How are your assets distributed?

i. Public or Private

ii. Centralized

iii. Multi-Location

iv. Remote Location

v. International Locations

  • Do you centralize the assets or is the process handled by / at the remote locations themselves?
  • How do you handle the remote sites / employees for data in transit?

4)      Create External Controls: The third party performing the data security process should validate piece count and serial number of all items processed. The third party must indemnify your company for service performed.

5)      Develop Detailed Reporting:  Reporting should track Hard Drives by serial number while in the company, while in transit to vendor or process, and when the drives have been erased and / or destroyed. Reporting from your vendor should be exportable so it can be imported into your asset tracking software. If possible, get online reporting to track the process of your vendor. Vendor certificates should be per serial number, not piece count. This helps you trace your equipment as it is being processed so you know exactly where it is in the data destruction funnel.

6)      Data Wiping Software:  Erasing drives using proprietary software is needed if your objective is to reuse drives, return drives to OEMs, or for end of life data security. Using high-level software to effectively wipe all of the data from the drives will help terminate your liability. When determining your software options, ensure that the software used offers the following:

 

System-Protected-Liquid-Technology-1220x800

 

7)      Data Security Checklist: Key Point Summary

  • Specific, defined reporting process starts up front
  •  Price or security?
  • Define your tools and their role in the process
  •  Locations need to know and USE the process
  • Track assets through end-of-life process (where, when, why)
  • Validate each step (by in-house personnel or vendor)
  • Certification – verify each serial number processed
  •  Manage liability
  • Track, Trace and Terminate (Liability) (The Three “Ts”)

GET A FREE QUOTE