Establishing Policies and Procedures for Decommissioning IT Assets

Jan 23, 2021

When it comes to decommissioning IT assets, things aren’t quite as simple as just removing a device from circulation. Devices used by your company likely have a large amount of sensitive information stored on them. For this reason, it’s important to ensure that you can effectively control that data when you decommission a device.

Taking the time now to either establish or refine policies and procedures for decommissioning your IT assets is crucial. It’s best to head off any data problems before they arise. Failure to take the proper steps with sensitive data can lead to potential breaches and significant liability.


While the actual work of decommissioning assets usually falls to the IT or security departments, it’s important to communicate within all areas of your team about data storage. Consulting with your finance, legal, and human resources departments can allow you to get a more well-rounded view of your company’s data needs and concerns.

By listening to everyone’s interests at the beginning of the process, you can ensure that your policies and procedures are serving the company as a whole and protecting all potentially sensitive information from being exposed.

Inventory Control

Maintaining proper inventory control is a critical component of the quest to keep your company’s information secure. This process begins with tracking new equipment as soon as it comes in. By maintaining a database with standardized nomenclature, you can avoid time-consuming reconciliation work when it comes time to decommission a device.

In this database, you should also track the lifecycle of your IT assets. Depending on your company’s policies, you should keep tabs on how long each device has been in use, how often it’s been updated, any maintenance or other issues noted, and when each device will be replaced. This practice can keep you from facing data exposures from the continued use of outdated equipment.

Finally, when you decommission a device, you should keep that device in a separate room, one with restricted access that can be remotely monitored. This can help to prevent old devices from “walking away.”

Data Control

If you’re handling the destruction of confidential data in-house, be sure you have the tools and knowledge to find all data at rest. This data is sometimes stored in areas other than the hard drive, or it may reside on a hidden hard drive that is not easy to locate. Often, it’s best to leave this task to professionals who are trained in performing these kinds of services.

Third Parties

If you don’t employ in-house legal counsel, be sure to consult with an attorney about the ways in which you can best protect yourself from liability as it relates to decommissioned devices. You should also be sure your company has cyber insurance coverage in the event that you are sued over a data breach.

Finally, when it comes to choosing an ITAD company, be sure to ask the right questions. You should check that any company you hire is properly certified and has the capability and experience to properly fulfill your needs. While they may be doing the work, the data is still your responsibility.

If you would like more information regarding IT asset decommissioning in Sioux City and the rest of North and South Dakota, contact SEAM today.

SEAM provides IT recycling and data destruction services including onsite shredding and hard drive wiping to South Dakota, North Dakota, Minnesota, Iowa, and Nebraska.

Schedule a pickup or contact us for more information.