I'm gearing up for my first full IT Asset Disposal (ITAD) cycle, and my auditors are asking for documentation related to data sanitization. Is this a typical request? Do you all usually ask for reports or certificates when disposing of hardware?
4 Answers
Absolutely! Our internal team would scan the drives when removing them from servers and then send them for shredding. We received certificates along with video proof of the process. It's wise to create a policy that aligns with NIST 800-88r2 guidelines for data sanitization, and physical destruction is the simplest option for audits if you’re disposing of assets.
Definitely, it's pretty standard to choose a supplier that can certify the sanitization of hard drives and other devices when you're disposing of them, especially in any regulated industry.
From my time at an electronics recycling firm, I can say it’s quite common to request certified data destruction. We would serialize each item to track where it came from and where it ended up, as required for our certifications (like R2 v3 and NAID AAA). Many people often overlook the importance of these records for compliance, but it’s good practice. You can ask for them from the company that handled your equipment disposal, just don’t expect it to be free.
I didn't know much about ITAD before, but from my experience, yes, we always got certificates when we had hard drives destroyed.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures